# (o)DoH server list (DNS entries).
# See https://jpgpi250.github.io/piholemanual/doc/Block%20DOH%20with%20pfsense.pdf
#
# Last updated: 2025-05-22 02:09:02 (UTC)
# MD5 checksum file available.
#
# SID reservations: https://sidallocation.org/
# GitHub: https://github.com/sidallocation/sidallocation.org
#
# Report issues with this list at https://github.com/jpgpi250/piholemanual/issues
# Use SID Management to disable specific entries.
#
# Terms of Services (ToS)
# By using the datasets, you agree that:
#   The datasets can be used for both, commercial and non-commercial purpose without any limitations (CC0 - No Rights Reserved)
#   Data offered is served as it is on best effort
#   I (jpgpi250) can not be held liable for any false positive or damage caused by the use of the datasets offered.
#
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.google"; dns.query; content:"dns.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflare-dns.com"; dns.query; content:"cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns9.quad9.net"; dns.query; content:"dns9.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns10.quad9.net"; dns.query; content:"dns10.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cleanbrowsing.org"; dns.query; content:"doh.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnsoverhttps.net"; dns.query; content:"dns.dnsoverhttps.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.crypto.sx"; dns.query; content:"doh.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.powerdns.org"; dns.query; content:"doh.powerdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 8, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-jp.blahdns.com"; dns.query; content:"doh-jp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 9, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dns-over-https.com"; dns.query; content:"dns.dns-over-https.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 10, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.securedns.eu"; dns.query; content:"doh.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 11, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rubyfish.cn"; dns.query; content:"dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 12, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnswarden.com"; dns.query; content:"doh.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 13, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.captnemo.in"; dns.query; content:"doh.captnemo.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 14, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiar.app"; dns.query; content:"doh.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 15, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaflalo.me"; dns.query; content:"dns.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 16, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-nyc.aaflalo.me"; dns.query; content:"dns-nyc.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 17, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard.com"; dns.query; content:"dns.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 18, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-family.adguard.com"; dns.query; content:"dns-family.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 19, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alekberg.net"; dns.query; content:"dns.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 20, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.alekberg.net"; dns.query; content:"dns2.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 21, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsse.alekberg.net"; dns.query; content:"dnsse.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 22, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alidns.com"; dns.query; content:"dns.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 23, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aa.net.uk"; dns.query; content:"dns.aa.net.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 24, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.42l.fr"; dns.query; content:"doh.42l.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 25, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohtrial.att.net"; dns.query; content:"dohtrial.att.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 26, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-fi.blahdns.com"; dns.query; content:"doh-fi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 27, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-de.blahdns.com"; dns.query; content:"doh-de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 28, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-sg.blahdns.com"; dns.query; content:"doh-sg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 29, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brahma.world"; dns.query; content:"dns.brahma.world"; nocase; fast_pattern; classtype:bad-unknown; sid:27990030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 30, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private.canadianshield.cira.ca"; dns.query; content:"private.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 31, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for protected.canadianshield.cira.ca"; dns.query; content:"protected.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 32, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.canadianshield.cira.ca"; dns.query; content:"family.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 33, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.opendns.com"; dns.query; content:"doh.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 34, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.familyshield.opendns.com"; dns.query; content:"doh.familyshield.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 35, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family-filter-dns.cleanbrowsing.org"; dns.query; content:"family-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 36, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adult-filter-dns.cleanbrowsing.org"; dns.query; content:"adult-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 37, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security-filter-dns.cleanbrowsing.org"; dns.query; content:"security-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 38, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for one.one.one.one"; dns.query; content:"one.one.one.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 39, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mozilla.cloudflare-dns.com"; dns.query; content:"mozilla.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 40, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1dot1dot1dot1.cloudflare-dns.com"; dns.query; content:"1dot1dot1dot1.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 41, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns64.cloudflare-dns.com"; dns.query; content:"dns64.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 42, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security.cloudflare-dns.com"; dns.query; content:"security.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 43, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.cloudflare-dns.com"; dns.query; content:"family.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 44, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xfinity.com"; dns.query; content:"doh.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 45, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.recursive.dnsbycomodo.com"; dns.query; content:"ns1.recursive.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 46, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.recursive.dnsbycomodo.com"; dns.query; content:"ns2.recursive.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 47, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for commons.host"; dns.query; content:"commons.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27990048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 48, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.containerpi.com"; dns.query; content:"dns.containerpi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 49, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohdot.coxlab.net"; dns.query; content:"dohdot.coxlab.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 50, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ipv6.crypto.sx"; dns.query; content:"doh-ipv6.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 51, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitale-gesellschaft.ch"; dns.query; content:"dns.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 52, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.li"; dns.query; content:"doh.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 53, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.dnscrypt.ca"; dns.query; content:"dns1.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 54, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.dnscrypt.ca"; dns.query; content:"dns2.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 55, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsforge.de"; dns.query; content:"dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 56, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnshome.de"; dns.query; content:"dns.dnshome.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 57, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnslify.com"; dns.query; content:"doh.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 58, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.ns.dnslify.com"; dns.query; content:"a.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 59, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.ns.dnslify.com"; dns.query; content:"b.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 60, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.safe.ns.dnslify.com"; dns.query; content:"a.safe.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 61, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.safe.ns.dnslify.com"; dns.query; content:"b.safe.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 62, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.family.ns.dnslify.com"; dns.query; content:"a.family.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 63, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.family.ns.dnslify.com"; dns.query; content:"b.family.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 64, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.seby.io"; dns.query; content:"doh.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 65, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-2.seby.io"; dns.query; content:"doh-2.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 66, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.sb"; dns.query; content:"doh.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 67, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.dyndnsinternetguide.com"; dns.query; content:"resolver1.dyndnsinternetguide.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 68, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.dyndnsinternetguide.com"; dns.query; content:"resolver2.dyndnsinternetguide.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 69, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ffmuc.net"; dns.query; content:"doh.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 70, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.applied-privacy.net"; dns.query; content:"doh.applied-privacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 71, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.233py.com"; dns.query; content:"dns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 72, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.233py.com"; dns.query; content:"i.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 73, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wdns.233py.com"; dns.query; content:"wdns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 74, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ndns.233py.com"; dns.query; content:"ndns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 75, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdns.233py.com"; dns.query; content:"sdns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 76, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for google-public-dns-a.google.com"; dns.query; content:"google-public-dns-a.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 77, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for google-public-dns-b.google.com"; dns.query; content:"google-public-dns-b.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 78, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns64.dns.google"; dns.query; content:"dns64.dns.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 79, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hostux.net"; dns.query; content:"dns.hostux.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 80, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ibuki.cgnat.net"; dns.query; content:"ibuki.cgnat.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 81, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ibksturm.synology.me"; dns.query; content:"ibksturm.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 82, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jcdns.fun"; dns.query; content:"jcdns.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 83, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver-eu.lelux.fi"; dns.query; content:"resolver-eu.lelux.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 84, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.libredns.gr"; dns.query; content:"doh.libredns.gr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 85, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mrkaran.dev"; dns.query; content:"dns.mrkaran.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 86, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nextdns.io"; dns.query; content:"dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 87, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.any.dns.nixnet.xyz"; dns.query; content:"uncensored.any.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 88, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.any.dns.nixnet.xyz"; dns.query; content:"adblock.any.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 89, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.lv1.dns.nixnet.xyz"; dns.query; content:"uncensored.lv1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 90, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.lv1.dns.nixnet.xyz"; dns.query; content:"adblock.lv1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 91, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.ny1.dns.nixnet.xyz"; dns.query; content:"uncensored.ny1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 92, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.ny1.dns.nixnet.xyz"; dns.query; content:"adblock.ny1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 93, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.lux1.dns.nixnet.xyz"; dns.query; content:"uncensored.lux1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 94, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.lux1.dns.nixnet.xyz"; dns.query; content:"adblock.lux1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 95, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.opendns.com"; dns.query; content:"resolver1.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 96, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.opendns.com"; dns.query; content:"resolver2.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 97, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1-fs.opendns.com"; dns.query; content:"resolver1-fs.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 98, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2-fs.opendns.com"; dns.query; content:"resolver2-fs.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 99, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.ipv6-sandbox.opendns.com"; dns.query; content:"resolver1.ipv6-sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 100, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.ipv6-sandbox.opendns.com"; dns.query; content:"resolver2.ipv6-sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 101, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oszx.co"; dns.query; content:"dns.oszx.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27990102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 102, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pumplex.com"; dns.query; content:"dns.pumplex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 103, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.centraleu.pi-dns.com"; dns.query; content:"doh.centraleu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 104, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.northeu.pi-dns.com"; dns.query; content:"doh.northeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 105, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.westus.pi-dns.com"; dns.query; content:"doh.westus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 106, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastus.pi-dns.com"; dns.query; content:"doh.eastus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 107, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quad9.net"; dns.query; content:"dns.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 108, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns11.quad9.net"; dns.query; content:"dns11.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 109, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rpz-public-resolver1.rrdns.pch.net"; dns.query; content:"rpz-public-resolver1.rrdns.pch.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 110, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-nosec.quad9.net"; dns.query; content:"dns-nosec.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 111, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.twnic.tw"; dns.query; content:"dns.twnic.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 112, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v6.rubyfish.cn"; dns.query; content:"v6.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 113, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ea-dns.rubyfish.cn"; dns.query; content:"ea-dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 114, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uw-dns.rubyfish.cn"; dns.query; content:"uw-dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 115, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads-doh.securedns.eu"; dns.query; content:"ads-doh.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 116, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi.doh.dns.snopyta.org"; dns.query; content:"fi.doh.dns.snopyta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 117, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.switch.ch"; dns.query; content:"dns.switch.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 118, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiarap.org"; dns.query; content:"doh.tiarap.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 119, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.tiar.app"; dns.query; content:"jp.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 120, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.tiarap.org"; dns.query; content:"jp.tiarap.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 121, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.t53.de"; dns.query; content:"dns.t53.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 122, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.appliedprivacy.net"; dns.query; content:"doh.appliedprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 123, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public.dns.iij.jp"; dns.query; content:"public.dns.iij.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27990124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 124, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.gridns.xyz"; dns.query; content:"jp.gridns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 125, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flatuslifir.is"; dns.query; content:"dns.flatuslifir.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27990126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 126, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odvr.nic.cz"; dns.query; content:"odvr.nic.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 127, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rumpelsepp.org"; dns.query; content:"rumpelsepp.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 128, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ordns.he.net"; dns.query; content:"ordns.he.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 129, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdns.faelix.net"; dns.query; content:"rdns.faelix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 130, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfree.usableprivacy.net"; dns.query; content:"adfree.usableprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 131, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for firefox.dns.nextdns.io"; dns.query; content:"firefox.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 132, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com.v.aaplimg.com"; dns.query; content:"doh.dns.apple.com.v.aaplimg.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 133, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com"; dns.query; content:"doh.dns.apple.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 134, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.233py.com.a.bdydns.com"; dns.query; content:"i.233py.com.a.bdydns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 135, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opencdn.jomodns.com"; dns.query; content:"opencdn.jomodns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 136, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.233py.com.cdn.cloudflare.net"; dns.query; content:"dns.233py.com.cdn.cloudflare.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 137, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edns.233py.com"; dns.query; content:"edns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 138, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-gcp.aaflalo.me"; dns.query; content:"dns-gcp.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 139, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.abmb.win"; dns.query; content:"doh.abmb.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 140, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.abmb.win"; dns.query; content:"doh2.abmb.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 141, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-unfiltered.adguard.com"; dns.query; content:"dns-unfiltered.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 142, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard-dns.com"; dns.query; content:"dns.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 143, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.adguard-dns.com"; dns.query; content:"family.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 144, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unfiltered.adguard-dns.com"; dns.query; content:"unfiltered.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 145, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nl.ahadns.net"; dns.query; content:"doh.nl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 146, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.in.ahadns.net"; dns.query; content:"doh.in.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 147, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.la.ahadns.net"; dns.query; content:"doh.la.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 148, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ny.ahadns.net"; dns.query; content:"doh.ny.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 149, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pl.ahadns.net"; dns.query; content:"doh.pl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 150, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.it.ahadns.net"; dns.query; content:"doh.it.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 151, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.es.ahadns.net"; dns.query; content:"doh.es.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 152, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.no.ahadns.net"; dns.query; content:"doh.no.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 153, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.chi.ahadns.net"; dns.query; content:"doh.chi.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 154, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.nl.ahadns.net"; dns.query; content:"dot.nl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 155, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.in.ahadns.net"; dns.query; content:"dot.in.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 156, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.la.ahadns.net"; dns.query; content:"dot.la.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 157, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ny.ahadns.net"; dns.query; content:"dot.ny.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 158, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pl.ahadns.net"; dns.query; content:"dot.pl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 159, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.it.ahadns.net"; dns.query; content:"dot.it.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 160, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.es.ahadns.net"; dns.query; content:"dot.es.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 161, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.no.ahadns.net"; dns.query; content:"dot.no.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 162, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.chi.ahadns.net"; dns.query; content:"dot.chi.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 163, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnl.alekberg.net"; dns.query; content:"dnsnl.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 164, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot1.applied-privacy.net"; dns.query; content:"dot1.applied-privacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 165, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.armadillodns.net"; dns.query; content:"doh.armadillodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 166, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.blahdns.com"; dns.query; content:"doh1.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 167, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.b-cdn.net"; dns.query; content:"doh1.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 168, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.blahdns.com"; dns.query; content:"doh2.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 169, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.b-cdn.net"; dns.query; content:"doh2.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 170, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-ch.blahdns.com"; dns.query; content:"dot-ch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 171, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ch.blahdns.com"; dns.query; content:"doh-ch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 172, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-fi.blahdns.com"; dns.query; content:"dot-fi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 173, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-de.blahdns.com"; dns.query; content:"dot-de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 174, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-jp.blahdns.com"; dns.query; content:"dot-jp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 175, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-sg.blahdns.com"; dns.query; content:"dot-sg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 176, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bortzmeyer.fr"; dns.query; content:"doh.bortzmeyer.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 177, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for free.bravedns.com"; dns.query; content:"free.bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 178, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bravedns.com"; dns.query; content:"bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 179, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for canadianshield.cira.ca"; dns.query; content:"canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 180, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudflare.com"; dns.query; content:"dns.cloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 181, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflare-gateway.com"; dns.query; content:"cloudflare-gateway.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 182, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cmrg.net"; dns.query; content:"dns.cmrg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 183, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jit.ddns.net"; dns.query; content:"jit.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 184, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.decloudus.com"; dns.query; content:"dns.decloudus.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 185, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.defaultroutes.de"; dns.query; content:"doh.defaultroutes.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 186, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.developer.li"; dns.query; content:"dns.developer.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 187, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.developer.li"; dns.query; content:"dns2.developer.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 188, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.digitale-gesellschaft.ch"; dns.query; content:"dns1.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 189, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.digitale-gesellschaft.ch"; dns.query; content:"dns2.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 190, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.disconnect.app"; dns.query; content:"doh.disconnect.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 191, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public-dns-a.dns.sb"; dns.query; content:"public-dns-a.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 192, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public-dns-b.dns.sb"; dns.query; content:"public-dns-b.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 193, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ffmuc.net"; dns.query; content:"dot.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 194, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.faelix.net"; dns.query; content:"pdns.faelix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 195, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.google.com"; dns.query; content:"dns.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 196, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for query.hdns.io"; dns.query; content:"query.hdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 197, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic.i2pd.xyz"; dns.query; content:"opennic.i2pd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 198, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.dns.lavate.ch"; dns.query; content:"us1.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 199, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu1.dns.lavate.ch"; dns.query; content:"eu1.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 200, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.libredns.org"; dns.query; content:"doh.libredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 201, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.libredns.gr.com"; dns.query; content:"dot.libredns.gr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 202, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.libredns.gr"; dns.query; content:"dot.libredns.gr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 203, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.mydns.network"; dns.query; content:"adblock.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 204, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neutopia.org"; dns.query; content:"dns.neutopia.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 205, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nextdns.io"; dns.query; content:"dns1.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 206, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nextdns.io"; dns.query; content:"dns2.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 207, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv1.nixnet.xyz"; dns.query; content:"lv1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 208, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny1.nixnet.xyz"; dns.query; content:"ny1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 209, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux1.nixnet.xyz"; dns.query; content:"lux1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 210, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.njal.la"; dns.query; content:"dns.njal.la"; nocase; fast_pattern; classtype:bad-unknown; sid:27990211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 211, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sandbox.opendns.com"; dns.query; content:"doh.sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 212, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.passcloud.xyz"; dns.query; content:"a.passcloud.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 213, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.passcloud.xyz"; dns.query; content:"i.passcloud.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 214, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.post-factum.tk"; dns.query; content:"doh.post-factum.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 215, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns12.quad9.net"; dns.query; content:"dns12.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 216, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns13.quad9.net"; dns.query; content:"dns13.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 217, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ryan-palmer.com"; dns.query; content:"dns1.ryan-palmer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 218, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.seby.io"; dns.query; content:"dot.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 219, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls.sinodun.com"; dns.query; content:"dnsovertls.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 220, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls1.sinodun.com"; dns.query; content:"dnsovertls1.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 221, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls2.sinodun.com"; dns.query; content:"dnsovertls2.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 222, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls3.sinodun.com"; dns.query; content:"dnsovertls3.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 223, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi.dot.dns.snopyta.org"; dns.query; content:"fi.dot.dns.snopyta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 224, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.therifleman.name"; dns.query; content:"dns.therifleman.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27990225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 225, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.tiar.app"; dns.query; content:"dot.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 226, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wugui.zone"; dns.query; content:"dns.wugui.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 227, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-asia.wugui.zone"; dns.query; content:"dns-asia.wugui.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 228, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.gslb2.xfinity.com"; dns.query; content:"doh.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 229, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fdns1.dismail.de"; dns.query; content:"fdns1.dismail.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 230, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fdns2.dismail.de"; dns.query; content:"fdns2.dismail.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 231, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.censurfridns.dk"; dns.query; content:"anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 232, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.censurfridns.dk"; dns.query; content:"deic-lgb.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 233, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.censurfridns.dk"; dns.query; content:"deic-ore.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 234, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.censurfridns.dk"; dns.query; content:"kracon.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 235, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.censurfridns.dk"; dns.query; content:"rgnet-iad.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 236, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.censurfridns.dk"; dns.query; content:"unicast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 237, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.uncensoreddns.org"; dns.query; content:"anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 238, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.uncensoreddns.org"; dns.query; content:"deic-lgb.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 239, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.uncensoreddns.org"; dns.query; content:"deic-ore.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 240, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.uncensoreddns.org"; dns.query; content:"kracon.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 241, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.uncensoreddns.org"; dns.query; content:"rgnet-iad.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 242, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.uncensoreddns.org"; dns.query; content:"unicast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 243, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.comss.one"; dns.query; content:"dns.comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 244, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.east.comss.one"; dns.query; content:"dns.east.comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 245, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-doh.dnsforfamily.com"; dns.query; content:"dns-doh.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 246, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-dot.dnsforfamily.com"; dns.query; content:"dns-dot.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 247, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asia.dnscepat.id"; dns.query; content:"asia.dnscepat.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 248, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eropa.dnscepat.id"; dns.query; content:"eropa.dnscepat.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 249, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.360.cn"; dns.query; content:"doh.360.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 250, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.360.cn"; dns.query; content:"dot.360.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 251, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pub"; dns.query; content:"doh.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 252, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pub"; dns.query; content:"dns.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 253, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pub"; dns.query; content:"dot.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 254, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaitain.restena.lu"; dns.query; content:"kaitain.restena.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 255, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for getdnsapi.net"; dns.query; content:"getdnsapi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 256, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-tls.bitwiseshift.net"; dns.query; content:"dns-tls.bitwiseshift.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 257, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.dnsprivacy.at"; dns.query; content:"ns1.dnsprivacy.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 258, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.dnsprivacy.at"; dns.query; content:"ns2.dnsprivacy.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 259, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privacydns.go6lab.si"; dns.query; content:"privacydns.go6lab.si"; nocase; fast_pattern; classtype:bad-unknown; sid:27990260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 260, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsotls.lab.nic.cl"; dns.query; content:"dnsotls.lab.nic.cl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 261, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls-dns-u.odvr.dns-oarc.net"; dns.query; content:"tls-dns-u.odvr.dns-oarc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 262, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.centraleu.pi-dns.com"; dns.query; content:"dot.centraleu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 263, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.northeu.pi-dns.com"; dns.query; content:"dot.northeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 264, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.westus.pi-dns.com"; dns.query; content:"dot.westus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 265, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastus.pi-dns.com"; dns.query; content:"dot.eastus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 266, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastau.pi-dns.com"; dns.query; content:"doh.eastau.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 267, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastau.pi-dns.com"; dns.query; content:"dot.eastau.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 268, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastas.pi-dns.com"; dns.query; content:"doh.eastas.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 269, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastas.pi-dns.com"; dns.query; content:"dot.eastas.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 270, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for basic.bravedns.com"; dns.query; content:"basic.bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 271, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freedns.controld.com"; dns.query; content:"freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 272, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p0.freedns.controld.com"; dns.query; content:"p0.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 273, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p1.freedns.controld.com"; dns.query; content:"p1.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 274, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p2.freedns.controld.com"; dns.query; content:"p2.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 275, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p3.freedns.controld.com"; dns.query; content:"p3.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 276, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.freedns.controld.com"; dns.query; content:"family.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 277, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.freedns.controld.com"; dns.query; content:"uncensored.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 278, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mullvad.net"; dns.query; content:"doh.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 279, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.doh.mullvad.net"; dns.query; content:"adblock.doh.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 280, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chrome.cloudflare-dns.com"; dns.query; content:"chrome.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 281, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.xfinity.com"; dns.query; content:"dot.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 282, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.cox.net"; dns.query; content:"dot.cox.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 283, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cox.net"; dns.query; content:"doh.cox.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 284, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sb"; dns.query; content:"dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 285, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 8888.google"; dns.query; content:"8888.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 286, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chromium.dns.nextdns.io"; dns.query; content:"chromium.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 287, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.quickline.ch"; dns.query; content:"doh.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 288, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-02.spectrum.com"; dns.query; content:"doh-02.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 289, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-01.spectrum.com"; dns.query; content:"doh-01.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 290, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask.icloud.com"; dns.query; content:"mask.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 291, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-h2.icloud.com"; dns.query; content:"mask-h2.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 292, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dandelionsprout.asuscomm.com"; dns.query; content:"dandelionsprout.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 293, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for basic.rethinkdns.com"; dns.query; content:"basic.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 294, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for max.rethinkdns.com"; dns.query; content:"max.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 295, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.dns.nextdns.io"; dns.query; content:"anycast.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 296, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.gandi.net"; dns.query; content:"dns.api.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 297, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.globus.org"; dns.query; content:"dns.api.globus.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 298, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.integration.globuscs.info"; dns.query; content:"dns.api.integration.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 299, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.preview.globus.org"; dns.query; content:"dns.api.preview.globus.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 300, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.rackspacecloud.com"; dns.query; content:"dns.api.rackspacecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 301, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.sandbox.globuscs.info"; dns.query; content:"dns.api.sandbox.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 302, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.staging.globuscs.info"; dns.query; content:"dns.api.staging.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 303, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.test.globuscs.info"; dns.query; content:"dns.api.test.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 304, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.beta.gandi.net"; dns.query; content:"dns.beta.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 305, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudfiction.eu"; dns.query; content:"dns.cloudfiction.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 306, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eu-frankfurt-1.oraclecloud.com"; dns.query; content:"dns.eu-frankfurt-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 307, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.islandnet.com"; dns.query; content:"dns.islandnet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 308, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.onp.cloud"; dns.query; content:"dns.onp.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 309, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tuna.tsinghua.edu.cn"; dns.query; content:"dns.tuna.tsinghua.edu.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 310, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uk-london-1.oraclecloud.com"; dns.query; content:"dns.uk-london-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 311, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-ashburn-1.oraclecloud.com"; dns.query; content:"dns.us-ashburn-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 312, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-phoenix-1.oraclecloud.com"; dns.query; content:"dns.us-phoenix-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 313, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.00dani.me"; dns.query; content:"ns.00dani.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 314, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 052419.xyz"; dns.query; content:"052419.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 315, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 0ms.dev"; dns.query; content:"0ms.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 316, updated_at 2025_05_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdn.0ms.dev"; dns.query; content:"cdn.0ms.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 317, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.0ooo.icu"; dns.query; content:"dns.0ooo.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 318, updated_at 2025_04_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.0rz.ing"; dns.query; content:"dns.0rz.ing"; nocase; fast_pattern; classtype:bad-unknown; sid:27990319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 319, updated_at 2024_12_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.0x55.net"; dns.query; content:"dns.0x55.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 320, updated_at 2024_12_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 123000123.xyz"; dns.query; content:"123000123.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 321, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.198.games"; dns.query; content:"cloud.198.games"; nocase; fast_pattern; classtype:bad-unknown; sid:27990322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 322, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.23-4.cn"; dns.query; content:"dns.23-4.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 323, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.240527.xyz"; dns.query; content:"dns.240527.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 324, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3dcosas.xyz"; dns.query; content:"3dcosas.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 325, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3dns.eu"; dns.query; content:"3dns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 326, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3jjxxl.tech"; dns.query; content:"3jjxxl.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 327, updated_at 2024_11_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.4-the.win"; dns.query; content:"dns.4-the.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 328, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.4netguides.org"; dns.query; content:"ns2.4netguides.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 329, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.52306.org"; dns.query; content:"dns.52306.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 330, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.5ososea.com"; dns.query; content:"family.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 331, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.5ososea.com"; dns.query; content:"kids.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 332, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.688447.xyz"; dns.query; content:"dns.688447.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 333, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.9999.sg"; dns.query; content:"dns.9999.sg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 334, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.a47.me"; dns.query; content:"dns.a47.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 335, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.aaaab3n.moe"; dns.query; content:"doh.aaaab3n.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 336, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst3.absolight.net"; dns.query; content:"res-acst3.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 337, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.absolight.net"; dns.query; content:"resolver1.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 338, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.absolight.net"; dns.query; content:"resolver2.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 339, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver3.absolight.net"; dns.query; content:"resolver3.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 340, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.iucc.ac.il"; dns.query; content:"doh.iucc.ac.il"; nocase; fast_pattern; classtype:bad-unknown; sid:27990341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 341, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adl.adfilter.net"; dns.query; content:"adl.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 342, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for per.adfilter.net"; dns.query; content:"per.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 343, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd.adfilter.net"; dns.query; content:"syd.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 344, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfreedns.top"; dns.query; content:"adfreedns.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 345, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adrianlam.com"; dns.query; content:"dns.adrianlam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 346, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for affcdn.net"; dns.query; content:"affcdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 347, updated_at 2025_05_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for affsoft.cc"; dns.query; content:"affsoft.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 348, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitz.ahadns.com"; dns.query; content:"blitz.ahadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 349, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ahoj.email"; dns.query; content:"ahoj.email"; nocase; fast_pattern; classtype:bad-unknown; sid:27990350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 350, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnl-noads.alekberg.net"; dns.query; content:"dnsnl-noads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 351, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsse-noads.alekberg.net"; dns.query; content:"dnsse-noads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 352, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mailer.amlegion.org"; dns.query; content:"mailer.amlegion.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 353, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.andrewnw.xyz"; dns.query; content:"dns.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 354, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.angry.im"; dns.query; content:"doh.angry.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 355, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.anon.no"; dns.query; content:"dns.anon.no"; nocase; fast_pattern; classtype:bad-unknown; sid:27990356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 356, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for antstars.win"; dns.query; content:"antstars.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 357, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.anudeep.me"; dns.query; content:"secure.anudeep.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 358, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.anym0re.ru"; dns.query; content:"ad.anym0re.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 359, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.apad.pro"; dns.query; content:"doh.apad.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27990360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 360, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.apollohct.com"; dns.query; content:"ag.apollohct.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 361, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.applewebkit.dev"; dns.query; content:"dns.applewebkit.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 362, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for applied-privacy.net"; dns.query; content:"applied-privacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 363, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.arapurayil.com"; dns.query; content:"dns.arapurayil.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 364, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.archuser.org"; dns.query; content:"doh.archuser.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 365, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.arkbotech.com"; dns.query; content:"dns.arkbotech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 366, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsec.arnor.org"; dns.query; content:"nsec.arnor.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 367, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.artikel10.org"; dns.query; content:"dns.artikel10.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 368, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.asagiri.moe"; dns.query; content:"doh.asagiri.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 369, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.asterimoon.com"; dns.query; content:"dns.asterimoon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 370, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atris.cyou"; dns.query; content:"atris.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27990371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 371, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.avastdns.com"; dns.query; content:"secure.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 372, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.avdkishore.dev"; dns.query; content:"adguard.avdkishore.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 373, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b612.me"; dns.query; content:"dns.b612.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 374, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b72.com"; dns.query; content:"dns.b72.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 375, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-dns1.bancuh.com"; dns.query; content:"fr-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 376, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-dns1.bancuh.com"; dns.query; content:"sg-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 377, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bazooki-infra.dev"; dns.query; content:"bazooki-infra.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 378, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for antivirus.bebasid.com"; dns.query; content:"antivirus.bebasid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 379, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bebasid.com"; dns.query; content:"dns.bebasid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 380, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for internetsehat.bebasid.com"; dns.query; content:"internetsehat.bebasid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 381, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.belnet.be"; dns.query; content:"dns.belnet.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27990382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 382, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bermeitinger.eu"; dns.query; content:"dns.bermeitinger.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 383, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bestwon203.com"; dns.query; content:"bestwon203.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 384, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.bit-trail.nl"; dns.query; content:"ns3.bit-trail.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 385, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitdefender.net"; dns.query; content:"dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 386, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitservices.io"; dns.query; content:"dns.bitservices.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 387, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.blaumer.dev"; dns.query; content:"dns.blaumer.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 388, updated_at 2024_12_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.blissdns.net"; dns.query; content:"us1.blissdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 389, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.blokada.org"; dns.query; content:"dns.blokada.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 390, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rfree1.blue-shield.at"; dns.query; content:"rfree1.blue-shield.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 391, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rfree2.blue-shield.at"; dns.query; content:"rfree2.blue-shield.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 392, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bluemood.me"; dns.query; content:"bluemood.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 393, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bmwhocking.com"; dns.query; content:"dns.bmwhocking.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 394, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.bod.lol"; dns.query; content:"d.bod.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27990395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 395, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.boje8.me"; dns.query; content:"doh.boje8.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 396, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.bonis.de"; dns.query; content:"adguard.bonis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 397, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudns.bosco.ovh"; dns.query; content:"cloudns.bosco.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 398, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.braene.com"; dns.query; content:"dns.braene.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 399, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bravoc.one"; dns.query; content:"dns.bravoc.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 400, updated_at 2025_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brembeck.cloud"; dns.query; content:"dns.brembeck.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 401, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bt.com"; dns.query; content:"doh.bt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 402, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goose.buckyfan.net"; dns.query; content:"goose.buckyfan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 403, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stratus.bugz.fr"; dns.query; content:"stratus.bugz.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 404, updated_at 2024_11_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.burgas.pro"; dns.query; content:"dns.burgas.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27990405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 405, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.busold.ws"; dns.query; content:"dns.busold.ws"; nocase; fast_pattern; classtype:bad-unknown; sid:27990406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 406, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.c-dns.com"; dns.query; content:"www.c-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 407, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cabbage.zone"; dns.query; content:"dns.cabbage.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 408, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cahlen.com"; dns.query; content:"dns.cahlen.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 409, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.carson-family.com"; dns.query; content:"dns.carson-family.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 410, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.carter.me"; dns.query; content:"dns.carter.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 411, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.caspervk.net"; dns.query; content:"dns.caspervk.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 412, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ccb-net.it"; dns.query; content:"doh.ccb-net.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 413, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cctld.kg"; dns.query; content:"dns.cctld.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 414, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cert.ee"; dns.query; content:"dns.cert.ee"; nocase; fast_pattern; classtype:bad-unknown; sid:27990415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 415, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cfiec.net"; dns.query; content:"dns.cfiec.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 416, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chandr1000.net"; dns.query; content:"chandr1000.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 417, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chenu.ch"; dns.query; content:"dns.chenu.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 418, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.christerwaren.fi"; dns.query; content:"dns.christerwaren.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 419, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chriswservers.com"; dns.query; content:"dns.chriswservers.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 420, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cippapp.com"; dns.query; content:"doh.cippapp.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 421, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.circl.lu"; dns.query; content:"dns.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 422, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.clanless.ovh"; dns.query; content:"dns.clanless.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 423, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.nerdytechgeeks.co.za"; dns.query; content:"ns.nerdytechgeeks.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27990424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 424, updated_at 2024_12_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oliviertv.co.za"; dns.query; content:"dns.oliviertv.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27990425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 425, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pooblet.co.za"; dns.query; content:"pooblet.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27990426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 426, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.frutuozo.com.br"; dns.query; content:"adguard.frutuozo.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27990427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 427, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.netraptor.com.au"; dns.query; content:"dns.netraptor.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27990428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 428, updated_at 2024_11_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.redhosting.com.ar"; dns.query; content:"dns.redhosting.com.ar"; nocase; fast_pattern; classtype:bad-unknown; sid:27990429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 429, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.viatech.com.tw"; dns.query; content:"doh.viatech.com.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 430, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.comff.net"; dns.query; content:"dns.comff.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 431, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.controld.com"; dns.query; content:"dns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 432, updated_at 2025_05_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.criena.net"; dns.query; content:"dns.criena.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 433, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.crystalyx.net"; dns.query; content:"dns.crystalyx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 434, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.csa-rz.de"; dns.query; content:"dns.csa-rz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 435, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.csaonline.de"; dns.query; content:"dns.csaonline.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 436, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.csswg.org"; dns.query; content:"dns.csswg.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 437, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cybertonic.tech"; dns.query; content:"dns.cybertonic.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 438, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cynthialabs.net"; dns.query; content:"dns.cynthialabs.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 439, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d94.xyz"; dns.query; content:"dns.d94.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 440, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d96.info"; dns.query; content:"dns.d96.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 441, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dantynes.cyou"; dns.query; content:"adguard.dantynes.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27990442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 442, updated_at 2025_05_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.data.haus"; dns.query; content:"mail.data.haus"; nocase; fast_pattern; classtype:bad-unknown; sid:27990443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 443, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.data.haus"; dns.query; content:"ns.data.haus"; nocase; fast_pattern; classtype:bad-unknown; sid:27990444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 444, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datacore.ch"; dns.query; content:"doh.datacore.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 445, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datahata.by"; dns.query; content:"doh.datahata.by"; nocase; fast_pattern; classtype:bad-unknown; sid:27990446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 446, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.datenquark.de"; dns.query; content:"dns.datenquark.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 447, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.daw.dev"; dns.query; content:"dns.daw.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 448, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.deadsec.net"; dns.query; content:"dns.deadsec.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 449, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.decky.eu"; dns.query; content:"dns.decky.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 450, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deep-henchman-excuse.cfd"; dns.query; content:"deep-henchman-excuse.cfd"; nocase; fast_pattern; classtype:bad-unknown; sid:27990451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 451, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.delpirou.fr"; dns.query; content:"dns.delpirou.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 452, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.denypradana.com"; dns.query; content:"doh.denypradana.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 453, updated_at 2025_04_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lege.despagne.net"; dns.query; content:"adguard.lege.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 454, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-primary-pool.detoxifypornblocker.com"; dns.query; content:"doh-primary-pool.detoxifypornblocker.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 455, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dev-umbrellagov.com"; dns.query; content:"dns.dev-umbrellagov.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 456, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.diarbagus.id"; dns.query; content:"dns.diarbagus.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 457, updated_at 2024_12_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for digitale-gesellschaft.ch"; dns.query; content:"digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 458, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitalsize.net"; dns.query; content:"dns.digitalsize.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 459, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.expert"; dns.query; content:"dns.expert"; nocase; fast_pattern; classtype:bad-unknown; sid:27990460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 460, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dns-53.us"; dns.query; content:"dns.dns-53.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27990461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 461, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dns-53.com"; dns.query; content:"dns.dns-53.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 462, updated_at 2024_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-free.link"; dns.query; content:"dns-free.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27990463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 463, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.dns-ga.de"; dns.query; content:"dns1.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 464, updated_at 2025_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.dns-ga.de"; dns.query; content:"dns2.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 465, updated_at 2025_04_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.dns-ga.de"; dns.query; content:"dns3.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 466, updated_at 2025_02_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns0.eu"; dns.query; content:"dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 467, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.dns0.eu"; dns.query; content:"kids.dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 468, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for open.dns0.eu"; dns.query; content:"open.dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 469, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zero.dns0.eu"; dns.query; content:"zero.dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 470, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns4all.eu"; dns.query; content:"doh.dns4all.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 471, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au01.dns4me.net"; dns.query; content:"au01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 472, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au02.dns4me.net"; dns.query; content:"au02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 473, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca01.dns4me.net"; dns.query; content:"ca01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 474, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca02.dns4me.net"; dns.query; content:"ca02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 475, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de01.dns4me.net"; dns.query; content:"de01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 476, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ie01.dns4me.net"; dns.query; content:"ie01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 477, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp01.dns4me.net"; dns.query; content:"jp01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 478, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nz01.dns4me.net"; dns.query; content:"nz01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 479, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sa01.dns4me.net"; dns.query; content:"sa01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 480, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg01.dns4me.net"; dns.query; content:"sg01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 481, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk01.dns4me.net"; dns.query; content:"uk01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 482, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us01.dns4me.net"; dns.query; content:"us01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 483, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us02.dns4me.net"; dns.query; content:"us02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 484, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns8.org"; dns.query; content:"dns8.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 485, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abe01.dnscry.pt"; dns.query; content:"abe01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 486, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abn01.dnscry.pt"; dns.query; content:"abn01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 487, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ams01.dnscry.pt"; dns.query; content:"ams01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 488, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ams02.dnscry.pt"; dns.query; content:"ams02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 489, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ath01.dnscry.pt"; dns.query; content:"ath01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 490, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atl01.dnscry.pt"; dns.query; content:"atl01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 491, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bom01.dnscry.pt"; dns.query; content:"bom01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 492, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bts01.dnscry.pt"; dns.query; content:"bts01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 493, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for coe01.dnscry.pt"; dns.query; content:"coe01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 494, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cph01.dnscry.pt"; dns.query; content:"cph01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 495, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cvt01.dnscry.pt"; dns.query; content:"cvt01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 496, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dfw01.dnscry.pt"; dns.query; content:"dfw01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 497, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dtw01.dnscry.pt"; dns.query; content:"dtw01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 498, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dub01.dnscry.pt"; dns.query; content:"dub01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 499, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dus01.dnscry.pt"; dns.query; content:"dus01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 500, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eyg01.dnscry.pt"; dns.query; content:"eyg01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 501, updated_at 2024_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fjr01.dnscry.pt"; dns.query; content:"fjr01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 502, updated_at 2025_05_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra01.dnscry.pt"; dns.query; content:"fra01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 503, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra02.dnscry.pt"; dns.query; content:"fra02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 504, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for geg01.dnscry.pt"; dns.query; content:"geg01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 505, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gru01.dnscry.pt"; dns.query; content:"gru01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 506, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gva01.dnscry.pt"; dns.query; content:"gva01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 507, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for han01.dnscry.pt"; dns.query; content:"han01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 508, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hel01.dnscry.pt"; dns.query; content:"hel01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 509, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg01.dnscry.pt"; dns.query; content:"hkg01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 510, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hrk01.dnscry.pt"; dns.query; content:"hrk01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 511, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ist01.dnscry.pt"; dns.query; content:"ist01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 512, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jhb01.dnscry.pt"; dns.query; content:"jhb01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 513, updated_at 2024_12_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jkt01.dnscry.pt"; dns.query; content:"jkt01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 514, updated_at 2024_12_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jnb01.dnscry.pt"; dns.query; content:"jnb01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 515, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kiv01.dnscry.pt"; dns.query; content:"kiv01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 516, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for las01.dnscry.pt"; dns.query; content:"las01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 517, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lax01.dnscry.pt"; dns.query; content:"lax01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 518, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lax02.dnscry.pt"; dns.query; content:"lax02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 519, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lim01.dnscry.pt"; dns.query; content:"lim01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 520, updated_at 2024_12_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for llk01.dnscry.pt"; dns.query; content:"llk01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 521, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lon01.dnscry.pt"; dns.query; content:"lon01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 522, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mad01.dnscry.pt"; dns.query; content:"mad01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 523, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mia01.dnscry.pt"; dns.query; content:"mia01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 524, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mil01.dnscry.pt"; dns.query; content:"mil01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 525, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muc01.dnscry.pt"; dns.query; content:"muc01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 526, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for naw01.dnscry.pt"; dns.query; content:"naw01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 527, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nue01.dnscry.pt"; dns.query; content:"nue01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 528, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nyc01.dnscry.pt"; dns.query; content:"nyc01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 529, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for omr01.dnscry.pt"; dns.query; content:"omr01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 530, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ord01.dnscry.pt"; dns.query; content:"ord01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 531, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for par01.dnscry.pt"; dns.query; content:"par01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 532, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdx01.dnscry.pt"; dns.query; content:"pdx01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 533, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phl01.dnscry.pt"; dns.query; content:"phl01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 534, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phx01.dnscry.pt"; dns.query; content:"phx01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 535, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdd01.dnscry.pt"; dns.query; content:"rdd01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 536, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdu01.dnscry.pt"; dns.query; content:"rdu01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 537, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sea01.dnscry.pt"; dns.query; content:"sea01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 538, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgn01.dnscry.pt"; dns.query; content:"sgn01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 539, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin01.dnscry.pt"; dns.query; content:"sin01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 540, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin02.dnscry.pt"; dns.query; content:"sin02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 541, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin03.dnscry.pt"; dns.query; content:"sin03.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 542, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sjc01.dnscry.pt"; dns.query; content:"sjc01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 543, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for slc01.dnscry.pt"; dns.query; content:"slc01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 544, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sof01.dnscry.pt"; dns.query; content:"sof01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 545, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sto01.dnscry.pt"; dns.query; content:"sto01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 546, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd01.dnscry.pt"; dns.query; content:"syd01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 547, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tll01.dnscry.pt"; dns.query; content:"tll01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 548, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tpa01.dnscry.pt"; dns.query; content:"tpa01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 549, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tpe01.dnscry.pt"; dns.query; content:"tpe01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 550, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trf01.dnscry.pt"; dns.query; content:"trf01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 551, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tsm01.dnscry.pt"; dns.query; content:"tsm01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 552, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tyo01.dnscry.pt"; dns.query; content:"tyo01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 553, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tyo02.dnscry.pt"; dns.query; content:"tyo02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 554, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vie01.dnscry.pt"; dns.query; content:"vie01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 555, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vno01.dnscry.pt"; dns.query; content:"vno01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 556, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for waw01.dnscry.pt"; dns.query; content:"waw01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 557, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for waw02.dnscry.pt"; dns.query; content:"waw02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 558, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ycg01.dnscry.pt"; dns.query; content:"ycg01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 559, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yul01.dnscry.pt"; dns.query; content:"yul01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 560, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yvr01.dnscry.pt"; dns.query; content:"yvr01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 561, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yyz01.dnscry.pt"; dns.query; content:"yyz01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 562, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zal01.dnscry.pt"; dns.query; content:"zal01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 563, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clean.dnsforge.de"; dns.query; content:"clean.dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 564, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hard.dnsforge.de"; dns.query; content:"hard.dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 565, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnslow.me"; dns.query; content:"dnslow.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 566, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnswarden.com"; dns.query; content:"dns.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 567, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do-39574-tr.xyz"; dns.query; content:"do-39574-tr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 568, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lv"; dns.query; content:"doh.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 569, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sb"; dns.query; content:"doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 570, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.beauty"; dns.query; content:"doh.beauty"; nocase; fast_pattern; classtype:bad-unknown; sid:27990571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 571, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.buzz"; dns.query; content:"doh.buzz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 572, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doh.best"; dns.query; content:"dns.doh.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27990573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 573, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.domreg.lt"; dns.query; content:"doh.domreg.lt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 574, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dscloud.me"; dns.query; content:"doh.dscloud.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 575, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.dshubham.xyz"; dns.query; content:"agh.dshubham.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 576, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dukun.de"; dns.query; content:"dukun.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 577, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.easez.net"; dns.query; content:"adguard.easez.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 578, updated_at 2024_12_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eddi.net"; dns.query; content:"doh.eddi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 579, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edgeburnmedia.com"; dns.query; content:"dns.edgeburnmedia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 580, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edgy-dns.com"; dns.query; content:"edgy-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 581, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.editechstudio.com"; dns.query; content:"dns.editechstudio.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 582, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.efficientdocuments.com"; dns.query; content:"dns.efficientdocuments.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 583, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.elemental.software"; dns.query; content:"dns.elemental.software"; nocase; fast_pattern; classtype:bad-unknown; sid:27990584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 584, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eliatofani.ovh"; dns.query; content:"eliatofani.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 585, updated_at 2025_04_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eliv.kr"; dns.query; content:"dns.eliv.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 586, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.emiliyan.com"; dns.query; content:"dns.emiliyan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 587, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ersei.net"; dns.query; content:"doh.ersei.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 588, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.excdn.eu.org"; dns.query; content:"doh.excdn.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 589, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mayx.eu.org"; dns.query; content:"dns.mayx.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 590, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arashi.net.eu.org"; dns.query; content:"arashi.net.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 591, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.extrawdw.net"; dns.query; content:"dns.extrawdw.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 592, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.faked.org"; dns.query; content:"dns.faked.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 593, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvps.familiamv.net"; dns.query; content:"dnsvps.familiamv.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 594, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fancyorg.at"; dns.query; content:"dns.fancyorg.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 595, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for farewellkou.click"; dns.query; content:"farewellkou.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27990596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 596, updated_at 2025_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.farshidhakimy.de"; dns.query; content:"dns.farshidhakimy.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 597, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns0.fdn.fr"; dns.query; content:"ns0.fdn.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 598, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.fdn.fr"; dns.query; content:"ns1.fdn.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 599, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fehlsprache.de"; dns.query; content:"dns.fehlsprache.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 600, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.ff0x.ca"; dns.query; content:"ag.ff0x.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 601, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ffnw.de"; dns.query; content:"dns.ffnw.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 602, updated_at 2024_11_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fidelius.top"; dns.query; content:"fidelius.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 603, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flightspace.net"; dns.query; content:"dns.flightspace.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 604, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.flm9.net"; dns.query; content:"dns01.flm9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 605, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolv.flokinet.net"; dns.query; content:"resolv.flokinet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 606, updated_at 2024_12_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.floriantinney.de"; dns.query; content:"dns.floriantinney.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 607, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flymc.cc"; dns.query; content:"dns.flymc.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 608, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.freyja.pw"; dns.query; content:"dns.freyja.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 609, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.froth.zone"; dns.query; content:"dns.froth.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 610, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for awan.ftp.sh"; dns.query; content:"awan.ftp.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 611, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.futa.gg"; dns.query; content:"doh.futa.gg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 612, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cluster-0.gac.edu"; dns.query; content:"cluster-0.gac.edu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 613, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cluster-1.gac.edu"; dns.query; content:"cluster-1.gac.edu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 614, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gamban.com"; dns.query; content:"dns.gamban.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 615, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.geili.me"; dns.query; content:"adg.geili.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 616, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gibblets.top"; dns.query; content:"gibblets.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 617, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.girino.org"; dns.query; content:"dns.girino.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 618, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for glacius.top"; dns.query; content:"glacius.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 619, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.glf.wtf"; dns.query; content:"dns.glf.wtf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 620, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gnb09.id"; dns.query; content:"dns.gnb09.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 621, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.guard.io"; dns.query; content:"dns.guard.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 622, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.guardmydns.com"; dns.query; content:"dns.guardmydns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 623, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gutwe.in"; dns.query; content:"dns.gutwe.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 624, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hahnjo.de"; dns.query; content:"dns.hahnjo.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 625, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.haka.se"; dns.query; content:"dns.haka.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27990626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 626, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.henek.ovh"; dns.query; content:"dns.henek.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 627, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hfgx.shop"; dns.query; content:"hfgx.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27990628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 628, updated_at 2024_11_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home-server.store"; dns.query; content:"home-server.store"; nocase; fast_pattern; classtype:bad-unknown; sid:27990629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 629, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hoody.com"; dns.query; content:"dns.hoody.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 630, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hshoe.cn"; dns.query; content:"dns.hshoe.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 631, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doth.huque.com"; dns.query; content:"doth.huque.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 632, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hypercute.eu"; dns.query; content:"dns.hypercute.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 633, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shuting.idv.tw"; dns.query; content:"adguard.shuting.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 634, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ikarosalpha.xyz"; dns.query; content:"ikarosalpha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 635, updated_at 2025_03_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.immerda.ch"; dns.query; content:"doh.immerda.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 636, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for imperio.top"; dns.query; content:"imperio.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 637, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.in-berlin.de"; dns.query; content:"dns1.in-berlin.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 638, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.in-berlin.de"; dns.query; content:"dns2.in-berlin.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 639, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.inclusioproject.com"; dns.query; content:"dns.inclusioproject.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 640, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.indybanipal.com"; dns.query; content:"dns.indybanipal.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 641, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.inforlogia.com"; dns.query; content:"dns.inforlogia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 642, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qlf-doh.inria.fr"; dns.query; content:"qlf-doh.inria.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 643, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ishan.pw"; dns.query; content:"dns.ishan.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 644, updated_at 2025_01_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.itxe.net"; dns.query; content:"pdns.itxe.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 645, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ivnkn.xyz"; dns.query; content:"ivnkn.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 646, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jackyes.ovh"; dns.query; content:"jackyes.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 647, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jfchenier.ca"; dns.query; content:"adguard.jfchenier.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 648, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jhangy.us"; dns.query; content:"dns.jhangy.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27990649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 649, updated_at 2024_12_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jstockley.com"; dns.query; content:"dns.jstockley.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 650, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jupitrdns.com"; dns.query; content:"dns.jupitrdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 651, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.justincounts.com"; dns.query; content:"ad.justincounts.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 652, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.k3nny.fr"; dns.query; content:"dns.k3nny.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 653, updated_at 2024_11_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kamilszczepanski.com"; dns.query; content:"dns.kamilszczepanski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 654, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kapite.in"; dns.query; content:"dns.kapite.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 655, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.karadag.me"; dns.query; content:"dns.karadag.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 656, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.karl.one"; dns.query; content:"dns.karl.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 657, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kastner-online.de"; dns.query; content:"dns.kastner-online.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 658, updated_at 2025_03_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kawa.tf"; dns.query; content:"dns.kawa.tf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 659, updated_at 2024_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kebree.fr"; dns.query; content:"dns.kebree.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 660, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.kel.pe"; dns.query; content:"doh.kel.pe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 661, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kerekes.xyz"; dns.query; content:"dns.kerekes.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 662, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kernel-error.de"; dns.query; content:"dns.kernel-error.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 663, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kescher.at"; dns.query; content:"dns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 664, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.aws.ketan.dev"; dns.query; content:"pihole.aws.ketan.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 665, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keviland.com"; dns.query; content:"dns.keviland.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 666, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.khon.dev"; dns.query; content:"adg.khon.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 667, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.kidzonet.io"; dns.query; content:"doh.kidzonet.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 668, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.killtw.im"; dns.query; content:"doh.killtw.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 669, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blog.kimiblock.top"; dns.query; content:"blog.kimiblock.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 670, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ko-18948-tr.xyz"; dns.query; content:"ko-18948-tr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 671, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.konikoni428.com"; dns.query; content:"adguard.konikoni428.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 672, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for korzhov.dev"; dns.query; content:"korzhov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 673, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kosan.moe"; dns.query; content:"dns.kosan.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 674, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dart.kpsn.org"; dns.query; content:"dart.kpsn.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 675, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.krctech.dev"; dns.query; content:"adblock.krctech.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 676, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xray.krnl.eu"; dns.query; content:"xray.krnl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 677, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kukal.cz"; dns.query; content:"dns.kukal.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 678, updated_at 2024_12_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kumoumi.net"; dns.query; content:"dns.kumoumi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 679, updated_at 2024_12_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kuuhaku.moe"; dns.query; content:"dns.kuuhaku.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 680, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kx-97795-tr.xyz"; dns.query; content:"kx-97795-tr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 681, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.l337.site"; dns.query; content:"dns.l337.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27990682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 682, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lacontrevoie.fr"; dns.query; content:"doh.lacontrevoie.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 683, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lars-lehmann.net"; dns.query; content:"dns.lars-lehmann.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 684, updated_at 2025_05_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lastentarvike.fi"; dns.query; content:"lastentarvike.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 685, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yarp.lefolgoc.net"; dns.query; content:"yarp.lefolgoc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 686, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lepilleur.com"; dns.query; content:"dns.lepilleur.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 687, updated_at 2025_03_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lermer.nl"; dns.query; content:"dns.lermer.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 688, updated_at 2024_12_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.levonet.sk"; dns.query; content:"dns.levonet.sk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 689, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.liberador.net"; dns.query; content:"dns.liberador.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 690, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lihj.me"; dns.query; content:"dns.lihj.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 691, updated_at 2025_01_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for africadns1.liquidtelecom.net"; dns.query; content:"africadns1.liquidtelecom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 692, updated_at 2025_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for africadns2.liquidtelecom.net"; dns.query; content:"africadns2.liquidtelecom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 693, updated_at 2025_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for loadlow.me"; dns.query; content:"loadlow.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 694, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lobbygod.com"; dns.query; content:"dns.lobbygod.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 695, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns1.lonet.org"; dns.query; content:"doh.phdns1.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 696, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns2.lonet.org"; dns.query; content:"doh.phdns2.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 697, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns3.lonet.org"; dns.query; content:"doh.phdns3.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 698, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns4.lonet.org"; dns.query; content:"doh.phdns4.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 699, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.phdns5.lonet.org"; dns.query; content:"doh.phdns5.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 700, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lukscasino-479-tr.xyz"; dns.query; content:"lukscasino-479-tr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 701, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lukscasino-542-tr.xyz"; dns.query; content:"lukscasino-542-tr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 702, updated_at 2024_12_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lukscasino-929-tr.xyz"; dns.query; content:"lukscasino-929-tr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 703, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.luma-medien.com"; dns.query; content:"dns.luma-medien.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 704, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for orau.lz0724.com"; dns.query; content:"orau.lz0724.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 705, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns1.m-it.ro"; dns.query; content:"addns1.m-it.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27990706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 706, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mailkyb.co"; dns.query; content:"mailkyb.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27990707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 707, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maqgie.xyz"; dns.query; content:"maqgie.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 708, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.marasov.id"; dns.query; content:"dns.marasov.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 709, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.marbledfennec.net"; dns.query; content:"dns.marbledfennec.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 710, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for multi.dns.marbledfennec.net"; dns.query; content:"multi.dns.marbledfennec.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 711, updated_at 2024_12_31;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.maskab.com"; dns.query; content:"doh.maskab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 712, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for masters-of-cloud.de"; dns.query; content:"masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 713, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mateo.ovh"; dns.query; content:"dns.mateo.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 714, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mc-sft.cn"; dns.query; content:"mc-sft.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 715, updated_at 2024_12_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.meddy94.de"; dns.query; content:"adguard.meddy94.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 716, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.meeo.win"; dns.query; content:"dns.meeo.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 717, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for snoke.meganerd.nl"; dns.query; content:"snoke.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 718, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mendozasdelivery.com"; dns.query; content:"mendozasdelivery.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 719, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testaghome.meshkov.info"; dns.query; content:"testaghome.meshkov.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 720, updated_at 2025_03_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mh4ckt3mh4ckt1c4s.xyz"; dns.query; content:"dns.mh4ckt3mh4ckt1c4s.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 721, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mikezhang.xyz"; dns.query; content:"mikezhang.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 722, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for miniapp.global"; dns.query; content:"miniapp.global"; nocase; fast_pattern; classtype:bad-unknown; sid:27990723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 723, updated_at 2024_11_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for netcup.mismat.ch"; dns.query; content:"netcup.mismat.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 724, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mmmalia.com"; dns.query; content:"doh.mmmalia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 725, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mnet-online.de"; dns.query; content:"dns.mnet-online.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 726, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mni.li"; dns.query; content:"dns.mni.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 727, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mnrv.trade"; dns.query; content:"mnrv.trade"; nocase; fast_pattern; classtype:bad-unknown; sid:27990728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 728, updated_at 2025_03_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnstls.mobik.com"; dns.query; content:"dnstls.mobik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 729, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nue2.moderateinfra.net"; dns.query; content:"nue2.moderateinfra.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 730, updated_at 2024_11_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ps1.modr.club"; dns.query; content:"ps1.modr.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27990731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 731, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.molinero.dev"; dns.query; content:"dns.molinero.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 732, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.momou.ch"; dns.query; content:"dns.momou.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 733, updated_at 2025_05_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mullvad.net"; dns.query; content:"dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 734, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.dns.mullvad.net"; dns.query; content:"adblock.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 735, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for all.dns.mullvad.net"; dns.query; content:"all.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 736, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for base.dns.mullvad.net"; dns.query; content:"base.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 737, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for extended.dns.mullvad.net"; dns.query; content:"extended.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 738, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.mullvad.net"; dns.query; content:"family.dns.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 739, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.feldy.my.id"; dns.query; content:"dns.feldy.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 740, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myatris.sbs"; dns.query; content:"myatris.sbs"; nocase; fast_pattern; classtype:bad-unknown; sid:27990741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 741, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.mydns.network"; dns.query; content:"family.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 742, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freedom.mydns.network"; dns.query; content:"freedom.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 743, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for paranoia.mydns.network"; dns.query; content:"paranoia.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 744, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.myon.lu"; dns.query; content:"blackhole.myon.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 745, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mzjtechnology.com"; dns.query; content:"dns.mzjtechnology.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 746, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n0.eu"; dns.query; content:"n0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 747, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for najiakeji.top"; dns.query; content:"najiakeji.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 748, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nako.kr"; dns.query; content:"dns.nako.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 749, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nas-server.ru"; dns.query; content:"dns.nas-server.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 750, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-p-1.nashkan.net"; dns.query; content:"ae-fuj-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 751, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-p-2.nashkan.net"; dns.query; content:"ae-fuj-w-p-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 752, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-p-3.nashkan.net"; dns.query; content:"ae-fuj-w-p-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 753, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for at-wie-w-p-1.nashkan.net"; dns.query; content:"at-wie-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 754, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-f-1.nashkan.net"; dns.query; content:"au-syd-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 755, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fra-w-p-1.nashkan.net"; dns.query; content:"de-fra-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 756, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-p-1.nashkan.net"; dns.query; content:"de-fsn-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 757, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-f-2.nashkan.net"; dns.query; content:"fi-hel-w-f-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 758, updated_at 2024_12_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-gra-w-f-1.nashkan.net"; dns.query; content:"fr-gra-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 759, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-gra-w-p-1.nashkan.net"; dns.query; content:"fr-gra-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 760, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-f-1.nashkan.net"; dns.query; content:"gb-lon-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 761, updated_at 2024_12_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-p-1.nashkan.net"; dns.query; content:"gb-lon-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 762, updated_at 2024_11_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-p-2.nashkan.net"; dns.query; content:"gb-lon-w-p-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 763, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kz-pav-w-p-1.nashkan.net"; dns.query; content:"kz-pav-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 764, updated_at 2024_11_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-dro-w-f-1.nashkan.net"; dns.query; content:"nl-dro-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 765, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ro-buc-w-f-1.nashkan.net"; dns.query; content:"ro-buc-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 766, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ro-buc-w-p-1.nashkan.net"; dns.query; content:"ro-buc-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 767, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-f-1.nashkan.net"; dns.query; content:"sg-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 768, updated_at 2025_01_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-p-1.nashkan.net"; dns.query; content:"sg-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 769, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-f-1.nashkan.net"; dns.query; content:"us-chi-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 770, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-p-1.nashkan.net"; dns.query; content:"us-chi-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 771, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-hil-w-f-1.nashkan.net"; dns.query; content:"us-hil-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 772, updated_at 2024_12_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-hil-w-p-1.nashkan.net"; dns.query; content:"us-hil-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 773, updated_at 2024_12_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-jac-w-f-1.nashkan.net"; dns.query; content:"us-jac-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 774, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-jac-w-p-1.nashkan.net"; dns.query; content:"us-jac-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 775, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-kan-w-f-1.nashkan.net"; dns.query; content:"us-kan-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 776, updated_at 2025_04_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-kan-w-p-1.nashkan.net"; dns.query; content:"us-kan-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 777, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-nyc-w-f-1.nashkan.net"; dns.query; content:"us-nyc-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 778, updated_at 2025_03_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-nyc-w-p-1.nashkan.net"; dns.query; content:"us-nyc-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 779, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-saj-w-f-1.nashkan.net"; dns.query; content:"us-saj-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 780, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-saj-w-p-1.nashkan.net"; dns.query; content:"us-saj-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 781, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ndo.dev"; dns.query; content:"dns.ndo.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 782, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neeb.it"; dns.query; content:"dns.neeb.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 783, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.neon0404.space"; dns.query; content:"adguard.neon0404.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27990784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 784, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.net.kg"; dns.query; content:"ns.net.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 785, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.netvpn.net"; dns.query; content:"dns.netvpn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 786, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.luigi.nexific.it"; dns.query; content:"doh.luigi.nexific.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 787, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nhtsky.com"; dns.query; content:"dns.nhtsky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 788, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.niaox.com"; dns.query; content:"d.niaox.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 789, updated_at 2024_12_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nic.lv"; dns.query; content:"doh.nic.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 790, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nick-slowinski.de"; dns.query; content:"dns.nick-slowinski.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 791, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nicsezcheckfbi.gov"; dns.query; content:"nicsezcheckfbi.gov"; nocase; fast_pattern; classtype:bad-unknown; sid:27990792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 792, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nielsdb.be"; dns.query; content:"dns1.nielsdb.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27990793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 793, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ningkelle.id"; dns.query; content:"dns.ningkelle.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 794, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.ningkelle.id"; dns.query; content:"family.dns.ningkelle.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 795, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.niyawe.de"; dns.query; content:"doh.niyawe.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 796, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.noaddns.com"; dns.query; content:"resolver.noaddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 797, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi1.node15.com"; dns.query; content:"pi1.node15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 798, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nodoa.me"; dns.query; content:"dns.nodoa.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 799, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sink.nolo.ltd"; dns.query; content:"sink.nolo.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27990800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 800, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for paulo.nom.za"; dns.query; content:"paulo.nom.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27990801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 801, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kiri.nonexiste.net"; dns.query; content:"kiri.nonexiste.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 802, updated_at 2025_05_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nordvpn.com"; dns.query; content:"dns1.nordvpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 803, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nordvpn.com"; dns.query; content:"dns2.nordvpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 804, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.dns.noridev.moe"; dns.query; content:"1.dns.noridev.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 805, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dns.noridev.moe"; dns.query; content:"2.dns.noridev.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 806, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.novali.date"; dns.query; content:"dns.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27990807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 807, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.novg.net"; dns.query; content:"dns.novg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 808, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.com"; dns.query; content:"ns3.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 809, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.cx"; dns.query; content:"ns3.cx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 810, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.link"; dns.query; content:"ns3.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27990811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 811, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.numerus.com"; dns.query; content:"dns.numerus.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 812, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.nwps.fi"; dns.query; content:"ns.nwps.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 813, updated_at 2025_01_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qdns02.nymterm.com"; dns.query; content:"qdns02.nymterm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 814, updated_at 2024_12_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for obscuro.top"; dns.query; content:"obscuro.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 815, updated_at 2025_03_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.occ.top"; dns.query; content:"dot.occ.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 816, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.odinpl.com"; dns.query; content:"dns.odinpl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 817, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ofdoom.net"; dns.query; content:"dns.ofdoom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 818, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.onedns.net"; dns.query; content:"doh.onedns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 819, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.onedns.cc"; dns.query; content:"secure.onedns.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 820, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ada.openbld.net"; dns.query; content:"ada.openbld.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 821, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ric.openbld.net"; dns.query; content:"ric.openbld.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 822, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.opennameserver.org"; dns.query; content:"ns1.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 823, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.opennameserver.org"; dns.query; content:"ns2.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 824, updated_at 2024_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.opennameserver.org"; dns.query; content:"ns3.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 825, updated_at 2024_12_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ourvau.lt"; dns.query; content:"dns.ourvau.lt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 826, updated_at 2024_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1a.ns.ozer.im"; dns.query; content:"1a.ns.ozer.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 827, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.paesa.es"; dns.query; content:"dns.paesa.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27990828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 828, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pari.network"; dns.query; content:"dns.pari.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 829, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pashagame456.com"; dns.query; content:"pashagame456.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 830, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.gcp.pathofgrace.com"; dns.query; content:"doh.gcp.pathofgrace.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 831, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darya.persiannit.net"; dns.query; content:"darya.persiannit.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 832, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.phillipjberry.net"; dns.query; content:"dns.phillipjberry.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 833, updated_at 2024_12_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.pietjacobs.be"; dns.query; content:"dns1.pietjacobs.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27990834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 834, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for helios.plan9-dns.com"; dns.query; content:"helios.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 835, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kronos.plan9-dns.com"; dns.query; content:"kronos.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 836, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pluton.plan9-dns.com"; dns.query; content:"pluton.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 837, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privacy.plumedns.com"; dns.query; content:"privacy.plumedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 838, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pm1239-bd.xyz"; dns.query; content:"pm1239-bd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 839, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pm7051-br.xyz"; dns.query; content:"pm7051-br.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 840, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pm9352-bd.xyz"; dns.query; content:"pm9352-bd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 841, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.diy"; dns.query; content:"polisitogel.diy"; nocase; fast_pattern; classtype:bad-unknown; sid:27990842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 842, updated_at 2025_01_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.living"; dns.query; content:"polisitogel.living"; nocase; fast_pattern; classtype:bad-unknown; sid:27990843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 843, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.beauty"; dns.query; content:"polisitogel.beauty"; nocase; fast_pattern; classtype:bad-unknown; sid:27990844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 844, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.cruises"; dns.query; content:"polisitogel.cruises"; nocase; fast_pattern; classtype:bad-unknown; sid:27990845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 845, updated_at 2024_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.construction"; dns.query; content:"polisitogel.construction"; nocase; fast_pattern; classtype:bad-unknown; sid:27990846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 846, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.green"; dns.query; content:"polisitogel.green"; nocase; fast_pattern; classtype:bad-unknown; sid:27990847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 847, updated_at 2024_12_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.webcam"; dns.query; content:"polisitogel.webcam"; nocase; fast_pattern; classtype:bad-unknown; sid:27990848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 848, updated_at 2025_03_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.accountant"; dns.query; content:"polisitogel.accountant"; nocase; fast_pattern; classtype:bad-unknown; sid:27990849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 849, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.hair"; dns.query; content:"polisitogel.hair"; nocase; fast_pattern; classtype:bad-unknown; sid:27990850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 850, updated_at 2025_01_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.luxe"; dns.query; content:"polisitogel.luxe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 851, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.properties"; dns.query; content:"polisitogel.properties"; nocase; fast_pattern; classtype:bad-unknown; sid:27990852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 852, updated_at 2024_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.limo"; dns.query; content:"polisitogel.limo"; nocase; fast_pattern; classtype:bad-unknown; sid:27990853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 853, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.show"; dns.query; content:"polisitogel.show"; nocase; fast_pattern; classtype:bad-unknown; sid:27990854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 854, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.contractors"; dns.query; content:"polisitogel.contractors"; nocase; fast_pattern; classtype:bad-unknown; sid:27990855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 855, updated_at 2024_12_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.builders"; dns.query; content:"polisitogel.builders"; nocase; fast_pattern; classtype:bad-unknown; sid:27990856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 856, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lindung.pp.ua"; dns.query; content:"lindung.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27990857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 857, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sundalandia.pp.ua"; dns.query; content:"sundalandia.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27990858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 858, updated_at 2025_01_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for virga.pp.ua"; dns.query; content:"virga.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27990859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 859, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pragmasec.nl"; dns.query; content:"dns.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 860, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for princez.uk"; dns.query; content:"princez.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 861, updated_at 2025_05_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hungary.privacy-dns.pw"; dns.query; content:"hungary.privacy-dns.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 862, updated_at 2024_12_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for india.privacy-dns.pw"; dns.query; content:"india.privacy-dns.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 863, updated_at 2024_12_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for las-vegas.privacy-dns.pw"; dns.query; content:"las-vegas.privacy-dns.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 864, updated_at 2024_12_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luxembourg.privacy-dns.pw"; dns.query; content:"luxembourg.privacy-dns.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 865, updated_at 2024_12_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for romania.privacy-dns.pw"; dns.query; content:"romania.privacy-dns.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 866, updated_at 2024_12_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sweden.privacy-dns.pw"; dns.query; content:"sweden.privacy-dns.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 867, updated_at 2024_12_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for switzerland.privacy-dns.pw"; dns.query; content:"switzerland.privacy-dns.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 868, updated_at 2024_12_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for united-arab-emirates.privacy-dns.pw"; dns.query; content:"united-arab-emirates.privacy-dns.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 869, updated_at 2024_12_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl.dns.privex.io"; dns.query; content:"nl.dns.privex.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 870, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.propheci.xyz"; dns.query; content:"dns.propheci.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 871, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.qis.io"; dns.query; content:"doh.qis.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 872, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qqmcfw.tech"; dns.query; content:"qqmcfw.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 873, updated_at 2024_11_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.qquack.org"; dns.query; content:"ns1.qquack.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 874, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quiet.rocks"; dns.query; content:"dns.quiet.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27990875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 875, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ant.dns.qwer.pw"; dns.query; content:"ant.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 876, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dog.dns.qwer.pw"; dns.query; content:"dog.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 877, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frog.dns.qwer.pw"; dns.query; content:"frog.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 878, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lion.dns.qwer.pw"; dns.query; content:"lion.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 879, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tiger.dns.qwer.pw"; dns.query; content:"tiger.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 880, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.r0cket.net"; dns.query; content:"resolver.r0cket.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 881, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rabbitdns.org"; dns.query; content:"dns.rabbitdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 882, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.rabbitdns.org"; dns.query; content:"family.rabbitdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 883, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security.rabbitdns.org"; dns.query; content:"security.rabbitdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 884, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.ral9005.org"; dns.query; content:"ns.ral9005.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 885, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rayneau.fr"; dns.query; content:"rayneau.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 886, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rbn.gr"; dns.query; content:"dns.rbn.gr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 887, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.reckoningslug.name"; dns.query; content:"dns.reckoningslug.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27990888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 888, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.redvau.lt"; dns.query; content:"dns.redvau.lt"; nocase; fast_pattern; classtype:bad-unknown; sid:27990889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 889, updated_at 2024_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.reitmeier.me"; dns.query; content:"dns.reitmeier.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 890, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnspub.restena.lu"; dns.query; content:"dnspub.restena.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 891, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.retakecs.com"; dns.query; content:"dns.retakecs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 892, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sky.rethinkdns.com"; dns.query; content:"sky.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 893, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for revelio.top"; dns.query; content:"revelio.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 894, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.rezhajul.io"; dns.query; content:"doh.rezhajul.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 895, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for newd.rezyro.com"; dns.query; content:"newd.rezyro.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 896, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.rferee.dev"; dns.query; content:"resolver.rferee.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 897, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rin.sh"; dns.query; content:"dns.rin.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 898, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.robotboard.de"; dns.query; content:"vps.robotboard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 899, updated_at 2024_11_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.roedel.cloud"; dns.query; content:"dns.roedel.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 900, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rotunneling.net"; dns.query; content:"dns.rotunneling.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 901, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o.rsaikat.com"; dns.query; content:"o.rsaikat.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 902, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safeservedns.com"; dns.query; content:"safeservedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 903, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.safesurfer.io"; dns.query; content:"doh.safesurfer.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 904, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sarak.as"; dns.query; content:"dns.sarak.as"; nocase; fast_pattern; classtype:bad-unknown; sid:27990905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 905, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sarilouis.com"; dns.query; content:"dns.sarilouis.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 906, updated_at 2025_01_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sec511.com"; dns.query; content:"dns.sec511.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 907, updated_at 2024_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.seia.io"; dns.query; content:"dns.seia.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 908, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secondary.dns.seia.io"; dns.query; content:"secondary.dns.seia.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 909, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.seiffert.me"; dns.query; content:"dns.seiffert.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 910, updated_at 2025_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.senthil.us"; dns.query; content:"adguard.senthil.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27990911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 911, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sev.monster"; dns.query; content:"dns.sev.monster"; nocase; fast_pattern; classtype:bad-unknown; sid:27990912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 912, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shareworx.net"; dns.query; content:"dns.shareworx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 913, updated_at 2025_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shecan.ir"; dns.query; content:"dns.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 914, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for free.shecan.ir"; dns.query; content:"free.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 915, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pro.shecan.ir"; dns.query; content:"pro.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 916, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sheggi.ch"; dns.query; content:"dns.sheggi.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 917, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shimul.me"; dns.query; content:"dns.shimul.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 918, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shoupperuser.com"; dns.query; content:"adguard.shoupperuser.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 919, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.silen.org"; dns.query; content:"dns.silen.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 920, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.silentlybren.com"; dns.query; content:"dns.silentlybren.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 921, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sindominio.net"; dns.query; content:"dns.sindominio.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 922, updated_at 2024_11_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sitdns.com"; dns.query; content:"dns.sitdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 923, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skrep.eu"; dns.query; content:"dns.skrep.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 924, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.slinkyman.net"; dns.query; content:"dns.slinkyman.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 925, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.smartguard.io"; dns.query; content:"dns.smartguard.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 926, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clientdns3.softcom.net"; dns.query; content:"clientdns3.softcom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 927, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spacedns.org"; dns.query; content:"spacedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 928, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for squidmall.vip"; dns.query; content:"squidmall.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27990929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 929, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.startupstack.tech"; dns.query; content:"dns.startupstack.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 930, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stevenz.net"; dns.query; content:"dns.stevenz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 931, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stirringphoto.com"; dns.query; content:"dns.stirringphoto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 932, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stormycloud.org"; dns.query; content:"dns.stormycloud.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 933, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.suhaila.dev"; dns.query; content:"dns.suhaila.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 934, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.sunet.se"; dns.query; content:"resolver.sunet.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27990935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 935, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sunnygyl.com"; dns.query; content:"sunnygyl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 936, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sunoaki.net"; dns.query; content:"doh.sunoaki.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 937, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.superstefan.win"; dns.query; content:"dns.superstefan.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 938, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sv-zauner.at"; dns.query; content:"dns.sv-zauner.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 939, updated_at 2024_12_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.svoi.dev"; dns.query; content:"dns.svoi.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 940, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sy.st"; dns.query; content:"dns.sy.st"; nocase; fast_pattern; classtype:bad-unknown; sid:27990941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 941, updated_at 2024_12_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.syaifullah.com"; dns.query; content:"dns.syaifullah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 942, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ihctw.synology.me"; dns.query; content:"ihctw.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 943, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.syshero.org"; dns.query; content:"doh.syshero.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 944, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.szpadel.ovh"; dns.query; content:"dns.szpadel.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 945, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tecdrive.site"; dns.query; content:"tecdrive.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27990946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 946, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.technologycage.com"; dns.query; content:"dns.technologycage.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 947, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rx.techomespace.com"; dns.query; content:"rx.techomespace.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 948, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.telekom.de"; dns.query; content:"dns.telekom.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 949, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thebuckners.org"; dns.query; content:"dns.thebuckners.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 950, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blocker.thethorsens.org"; dns.query; content:"blocker.thethorsens.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 951, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.thio.me"; dns.query; content:"doh.thio.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 952, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tierradeayala.com"; dns.query; content:"dns.tierradeayala.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 953, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for timmes.nl"; dns.query; content:"timmes.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 954, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb.timnichollsphotography.com"; dns.query; content:"adb.timnichollsphotography.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 955, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tipsy.coffee"; dns.query; content:"dns.tipsy.coffee"; nocase; fast_pattern; classtype:bad-unknown; sid:27990956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 956, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tls-data.de"; dns.query; content:"dns.tls-data.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 957, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolv1.trash.net"; dns.query; content:"resolv1.trash.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 958, updated_at 2025_05_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolv2.trash.net"; dns.query; content:"resolv2.trash.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 959, updated_at 2025_05_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolv3.trash.net"; dns.query; content:"resolv3.trash.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 960, updated_at 2025_05_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.trcnet.fi"; dns.query; content:"ns.trcnet.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 961, updated_at 2025_05_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tri-dns.net"; dns.query; content:"tri-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 962, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.tshost.no"; dns.query; content:"adg.tshost.no"; nocase; fast_pattern; classtype:bad-unknown; sid:27990963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 963, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ibr.cs.tu-bs.de"; dns.query; content:"doh.ibr.cs.tu-bs.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 964, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tujenasnaszato.xyz"; dns.query; content:"tujenasnaszato.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 965, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tuskythehusky.tech"; dns.query; content:"tuskythehusky.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 966, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.umbrella.com"; dns.query; content:"doh.umbrella.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 967, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.unstoppable.io"; dns.query; content:"resolver.unstoppable.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 968, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unx.io"; dns.query; content:"dns.unx.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 969, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uplenk.com"; dns.query; content:"dns.uplenk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 970, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.koala.us.to"; dns.query; content:"dns.koala.us.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27990971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 971, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nightlymoon.us.kg"; dns.query; content:"nightlymoon.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 972, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luna-is.so-gorgeo.us.kg"; dns.query; content:"luna-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 973, updated_at 2025_01_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mecca-is.so-gorgeo.us.kg"; dns.query; content:"mecca-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 974, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mita-is.so-gorgeo.us.kg"; dns.query; content:"mita-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 975, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myrra-is.so-gorgeo.us.kg"; dns.query; content:"myrra-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 976, updated_at 2024_12_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nana-is.so-gorgeo.us.kg"; dns.query; content:"nana-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 977, updated_at 2025_01_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nindy-is.so-gorgeo.us.kg"; dns.query; content:"nindy-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 978, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nora-is.so-gorgeo.us.kg"; dns.query; content:"nora-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 979, updated_at 2024_12_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nova-is.so-gorgeo.us.kg"; dns.query; content:"nova-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 980, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tetty-is.so-gorgeo.us.kg"; dns.query; content:"tetty-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 981, updated_at 2025_01_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yussy-is.so-gorgeo.us.kg"; dns.query; content:"yussy-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 982, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vaioswolke.xyz"; dns.query; content:"dns.vaioswolke.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 983, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tor.vasi.li"; dns.query; content:"tor.vasi.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 984, updated_at 2025_02_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vault81.de"; dns.query; content:"dns.vault81.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 985, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for venum.space"; dns.query; content:"venum.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27990986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 986, updated_at 2024_11_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vojtat.cz"; dns.query; content:"dns.vojtat.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 987, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vorlif.org"; dns.query; content:"vorlif.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 988, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.w3ctag.org"; dns.query; content:"dns.w3ctag.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 989, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aqua.is.my.waifu.cz"; dns.query; content:"aqua.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 990, updated_at 2025_05_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darkness.is.my.waifu.cz"; dns.query; content:"darkness.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 991, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for megumin.is.my.waifu.cz"; dns.query; content:"megumin.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 992, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yunyun.is.my.waifu.cz"; dns.query; content:"yunyun.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 993, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wang.art"; dns.query; content:"dns.wang.art"; nocase; fast_pattern; classtype:bad-unknown; sid:27990994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 994, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abel.waringer-atg.de"; dns.query; content:"abel.waringer-atg.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 995, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.webnmail.de"; dns.query; content:"doh.webnmail.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 996, updated_at 2024_11_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wikimedia-dns.org"; dns.query; content:"wikimedia-dns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 997, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-1.wil.cloud"; dns.query; content:"dns-1.wil.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 998, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-2.wil.cloud"; dns.query; content:"dns-2.wil.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 999, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.wriedts.de"; dns.query; content:"home.wriedts.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1000, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.wuyouss.com"; dns.query; content:"ns2.wuyouss.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1001, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.wuyouss.com"; dns.query; content:"ns3.wuyouss.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1002, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb-home.xaoimoon.fr"; dns.query; content:"adb-home.xaoimoon.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1003, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xbcpb668.com"; dns.query; content:"xbcpb668.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1004, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xcom.pro"; dns.query; content:"doh.xcom.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1005, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xlion.tw"; dns.query; content:"dns.xlion.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1006, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xn--durhre-yxa.de"; dns.query; content:"xn--durhre-yxa.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1007, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xuming.studio"; dns.query; content:"dns.xuming.studio"; nocase; fast_pattern; classtype:bad-unknown; sid:27991008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1008, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yague.me"; dns.query; content:"dns.yague.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1009, updated_at 2024_12_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for common.dot.dns.yandex.net"; dns.query; content:"common.dot.dns.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1010, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dot.dns.yandex.net"; dns.query; content:"family.dot.dns.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1011, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safe.dot.dns.yandex.net"; dns.query; content:"safe.dot.dns.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1012, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for your-dns.run"; dns.query; content:"your-dns.run"; nocase; fast_pattern; classtype:bad-unknown; sid:27991013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1013, updated_at 2024_12_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yovbak.com"; dns.query; content:"yovbak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1014, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zakaria.website"; dns.query; content:"zakaria.website"; nocase; fast_pattern; classtype:bad-unknown; sid:27991015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1015, updated_at 2025_05_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zdn.ro"; dns.query; content:"zdn.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1016, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-kartoffel.zernico.de"; dns.query; content:"adguard-kartoffel.zernico.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1017, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.zknt.org"; dns.query; content:"doh.zknt.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1018, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.zln.wtf"; dns.query; content:"doh.zln.wtf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1019, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1001.cloudflare-dns.com"; dns.query; content:"1001.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1020, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1111.cloudflare-dns.com"; dns.query; content:"1111.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1021, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azure.cloudflare-dns.com"; dns.query; content:"azure.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1022, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opera.cloudflare-dns.com"; dns.query; content:"opera.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1023, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tor.cloudflare-dns.com"; dns.query; content:"tor.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1024, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trr.dns.nextdns.io"; dns.query; content:"trr.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1025, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.blahdns.com"; dns.query; content:"doh.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1026, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdoh.dnsforfamily.com"; dns.query; content:"dnsdoh.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1027, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kronos.plan9dns.com"; dns.query; content:"kronos.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1028, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wikimediadns.org"; dns.query; content:"wikimediadns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1029, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdohnosafesearch.dnsforfamily.com"; dns.query; content:"dnsdohnosafesearch.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1030, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pluton.plan9dns.com"; dns.query; content:"pluton.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1031, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohde.blahdns.com"; dns.query; content:"dohde.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1032, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohsg.blahdns.com"; dns.query; content:"dohsg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1033, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for helios.plan9dns.com"; dns.query; content:"helios.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1034, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cleanbrowsing.org"; dns.query; content:"cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1035, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitalegesellschaft.ch"; dns.query; content:"dns.digitalegesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1036, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnlnoads.alekberg.net"; dns.query; content:"dnsnlnoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1037, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnsfilter.com"; dns.query; content:"doh.dnsfilter.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1038, updated_at 2025_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohipv6.crypto.sx"; dns.query; content:"dohipv6.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1039, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ryanpalmer.com"; dns.query; content:"dns1.ryanpalmer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1040, updated_at 2024_11_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssenoads.alekberg.net"; dns.query; content:"dnssenoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1041, updated_at 2025_03_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eieidns.com"; dns.query; content:"doh.eieidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1042, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.de.blahdns.com"; dns.query; content:"doh.de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1043, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bugdns.com"; dns.query; content:"doh.bugdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1044, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datt.pw"; dns.query; content:"doh.datt.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1045, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ntu.ssooss.win"; dns.query; content:"doh.ntu.ssooss.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1046, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.learningman.top"; dns.query; content:"dns.learningman.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1047, updated_at 2025_01_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.kyusang.win"; dns.query; content:"agh.kyusang.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1048, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.teradns.org"; dns.query; content:"de.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1049, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qrtz.club"; dns.query; content:"dns.qrtz.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1050, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qual.cuprum.ru"; dns.query; content:"qual.cuprum.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1051, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for minilla.store"; dns.query; content:"minilla.store"; nocase; fast_pattern; classtype:bad-unknown; sid:27991052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1052, updated_at 2025_04_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr-sel.doh.sb"; dns.query; content:"kr-sel.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1053, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eth.link"; dns.query; content:"eth.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1054, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.watch"; dns.query; content:"dns.watch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1055, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ginovs.nl"; dns.query; content:"dns.ginovs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1056, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.us.newpangea.de"; dns.query; content:"dns1.us.newpangea.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1057, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.swin.pro"; dns.query; content:"dns.swin.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1058, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsc.torgues.net"; dns.query; content:"nsc.torgues.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1059, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for msr177.com"; dns.query; content:"msr177.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1060, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-dro-w-p-1.nashkan.net"; dns.query; content:"nl-dro-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1061, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.beardic.cn"; dns.query; content:"dns.beardic.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1062, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thegoodsource.net"; dns.query; content:"dns.thegoodsource.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1063, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.futuredns.me"; dns.query; content:"dns.futuredns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1064, updated_at 2025_02_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-api.icloud.com"; dns.query; content:"mask-api.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1065, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tesem.dog"; dns.query; content:"dns.tesem.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27991066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1066, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.azsopro.net"; dns.query; content:"dns.azsopro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1067, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bl.eq.md"; dns.query; content:"bl.eq.md"; nocase; fast_pattern; classtype:bad-unknown; sid:27991068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1068, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aerro.in"; dns.query; content:"dns.aerro.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1069, updated_at 2025_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.imbuffering.com"; dns.query; content:"noads.imbuffering.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1070, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.technochat.in"; dns.query; content:"doh.technochat.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1071, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.888654.xyz"; dns.query; content:"dns.888654.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1072, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shalenkov.dev"; dns.query; content:"shalenkov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1073, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mow.doh.sb"; dns.query; content:"ru-mow.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1074, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fet01.dnscry.pt"; dns.query; content:"fet01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1075, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dfw02.dnscry.pt"; dns.query; content:"dfw02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1076, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fizz.studio"; dns.query; content:"dns.fizz.studio"; nocase; fast_pattern; classtype:bad-unknown; sid:27991077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1077, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns4me.net"; dns.query; content:"dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1078, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shield.afixer.app"; dns.query; content:"shield.afixer.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1079, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nvi-dns.bitdefender.net"; dns.query; content:"nvi-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1080, updated_at 2025_05_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tky-dns.bitdefender.net"; dns.query; content:"tky-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1081, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra-dns.bitdefender.net"; dns.query; content:"fra-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1082, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns-push.heytapmobile.com"; dns.query; content:"httpdns-push.heytapmobile.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1083, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iow-dns.bitdefender.net"; dns.query; content:"iow-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1084, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.rueiliu.space"; dns.query; content:"adg.rueiliu.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1085, updated_at 2025_05_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.abstergo.it"; dns.query; content:"block.abstergo.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1086, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ef67daisuki.club"; dns.query; content:"adguard.ef67daisuki.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1087, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gustamadh.dynv6.net"; dns.query; content:"gustamadh.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1088, updated_at 2025_05_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.velyn.my.id"; dns.query; content:"dns.velyn.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1089, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fly.io"; dns.query; content:"fly.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1090, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.internal.hosmatic.com"; dns.query; content:"dns.internal.hosmatic.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1091, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securenet.mhsystems.net"; dns.query; content:"securenet.mhsystems.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1092, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shutgaming.net"; dns.query; content:"adguard.shutgaming.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1093, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ender.fr"; dns.query; content:"adguard.ender.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1094, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.azoris.ovh"; dns.query; content:"doh.azoris.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1095, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.enzonix.com"; dns.query; content:"dns.enzonix.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1096, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flwagners.com"; dns.query; content:"dns.flwagners.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1097, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mzrme.cn"; dns.query; content:"dns.mzrme.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1098, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wantaquddin.com"; dns.query; content:"wantaquddin.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1099, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.muxinghe.cn"; dns.query; content:"dns.muxinghe.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1100, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.baishiyuan.cn"; dns.query; content:"dns.baishiyuan.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1101, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.weixin.qq.com.cn"; dns.query; content:"dns.weixin.qq.com.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1102, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d4d.moe"; dns.query; content:"dns.d4d.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1103, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gateway.fomichev.cloud"; dns.query; content:"gateway.fomichev.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1104, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny.teradns.org"; dns.query; content:"ny.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1105, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dekonix.ru"; dns.query; content:"adguard.dekonix.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1106, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aquilenet.fr"; dns.query; content:"dns.aquilenet.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1107, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chr.kepegawaiandju.id"; dns.query; content:"chr.kepegawaiandju.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1108, updated_at 2024_11_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh003.280blocker.net"; dns.query; content:"doh003.280blocker.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1109, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for at.pzhg.me"; dns.query; content:"at.pzhg.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1110, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for biying.flymlc.com"; dns.query; content:"biying.flymlc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1111, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tx.teradns.org"; dns.query; content:"tx.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1112, updated_at 2025_02_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.falkenthal.org"; dns.query; content:"dns.falkenthal.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1113, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sriedmueadguard.casa"; dns.query; content:"sriedmueadguard.casa"; nocase; fast_pattern; classtype:bad-unknown; sid:27991114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1114, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.jnorton.us"; dns.query; content:"adg.jnorton.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1115, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for performance.gosami.xyz"; dns.query; content:"performance.gosami.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1116, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.13evl.com"; dns.query; content:"dns.13evl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1117, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.sc-lezhi.com"; dns.query; content:"ns1.sc-lezhi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1118, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-hkg.doh.sb"; dns.query; content:"hk-hkg.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1119, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for justhost.bedro.cloud"; dns.query; content:"justhost.bedro.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1120, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for console.carestyle.org"; dns.query; content:"console.carestyle.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1121, updated_at 2025_02_08;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.teradns.org"; dns.query; content:"uk.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1122, updated_at 2025_02_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for orpi.privado.ovh"; dns.query; content:"orpi.privado.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1123, updated_at 2025_02_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kss.ovh"; dns.query; content:"adguard.kss.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1124, updated_at 2025_03_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.murgi.de"; dns.query; content:"dns.murgi.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1125, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rafn.is"; dns.query; content:"dns.rafn.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27991126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1126, updated_at 2025_05_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c.cicitt.ch"; dns.query; content:"c.cicitt.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1127, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privatnas.servebeer.com"; dns.query; content:"privatnas.servebeer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1128, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for geshido.vpn.geshido.ru"; dns.query; content:"geshido.vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1129, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.imaicool.com"; dns.query; content:"dns.imaicool.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1130, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for local.sufly.top"; dns.query; content:"local.sufly.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1131, updated_at 2025_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zzuhacker.cn"; dns.query; content:"dns.zzuhacker.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1132, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ikataruto.com"; dns.query; content:"dns.ikataruto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1133, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.irumatech.com"; dns.query; content:"dns1.irumatech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1134, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.abd.ong"; dns.query; content:"adguard.abd.ong"; nocase; fast_pattern; classtype:bad-unknown; sid:27991135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1135, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chaos-system.de"; dns.query; content:"chaos-system.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1136, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kiboko.it"; dns.query; content:"adguard.kiboko.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1137, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.is0mino.com"; dns.query; content:"dns.is0mino.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1138, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for osefcorp.duckdns.org"; dns.query; content:"osefcorp.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1139, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wargan.io"; dns.query; content:"dns.wargan.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1140, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.panszelescik.pl"; dns.query; content:"dns.panszelescik.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1141, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hellozhao.com"; dns.query; content:"dns.hellozhao.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1142, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.sg.newpangea.de"; dns.query; content:"dns1.sg.newpangea.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1143, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.30x.me"; dns.query; content:"doh.30x.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1144, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic2.i2pd.xyz"; dns.query; content:"opennic2.i2pd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1145, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.oms-ctr.ru"; dns.query; content:"adguard.oms-ctr.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1146, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id.terra.my.id"; dns.query; content:"id.terra.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1147, updated_at 2024_12_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alloxr.info"; dns.query; content:"dns.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1148, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dns-53.uk"; dns.query; content:"dns.dns-53.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1149, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shield1.eranext.net"; dns.query; content:"shield1.eranext.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1150, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.spirio.fr"; dns.query; content:"dns.spirio.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1151, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.charraud.eu"; dns.query; content:"dns.charraud.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1152, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.alu.dog"; dns.query; content:"adguard.alu.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27991153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1153, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.zburger.top"; dns.query; content:"www.zburger.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1154, updated_at 2025_03_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pumpkinvrar.com"; dns.query; content:"dns.pumpkinvrar.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1155, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ricko.is"; dns.query; content:"ricko.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27991156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1156, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.joaofidelix.com.br"; dns.query; content:"dns.joaofidelix.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1157, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tw2.ooroot.com"; dns.query; content:"tw2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1158, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ceai.com.tw"; dns.query; content:"dns.ceai.com.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1159, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cfdjb.org"; dns.query; content:"cfdjb.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1160, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-dus.doh.sb"; dns.query; content:"de-dus.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1161, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.n23.io"; dns.query; content:"dns.n23.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1162, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maybe.icu"; dns.query; content:"dns.maybe.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1163, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jinwoo.dev"; dns.query; content:"dns.jinwoo.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1164, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.cl.newpangea.de"; dns.query; content:"dns1.cl.newpangea.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1165, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.7vpn.com"; dns.query; content:"dns.7vpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1166, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.npsolution.it"; dns.query; content:"dns.npsolution.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1167, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnswebvsn.com"; dns.query; content:"dnswebvsn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1168, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.gloom.nexus"; dns.query; content:"agh.gloom.nexus"; nocase; fast_pattern; classtype:bad-unknown; sid:27991169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1169, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zougloub.eu"; dns.query; content:"zougloub.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1170, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rootlab.top"; dns.query; content:"dns.rootlab.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1171, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.interhub.cc"; dns.query; content:"dns.interhub.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1172, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver4.dns.openinternet.io"; dns.query; content:"resolver4.dns.openinternet.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1173, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eddi.net"; dns.query; content:"dns.eddi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1174, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for catchen121299.top"; dns.query; content:"catchen121299.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1175, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.narl.app"; dns.query; content:"dns.narl.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1176, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.gslb2.xfinity.com"; dns.query; content:"doh2.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1177, updated_at 2025_05_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.christian.moe"; dns.query; content:"dns.christian.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1178, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arashi.eu.org"; dns.query; content:"arashi.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1179, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vishalk.com"; dns.query; content:"dns.vishalk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1180, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 351242444.xyz"; dns.query; content:"351242444.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1181, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.connect.fail"; dns.query; content:"dns.connect.fail"; nocase; fast_pattern; classtype:bad-unknown; sid:27991182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1182, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pnh.my.id"; dns.query; content:"dns.pnh.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1183, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secondary.safe.dns.yandex.ru"; dns.query; content:"secondary.safe.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1184, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safe.dns.yandex.ru"; dns.query; content:"safe.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1185, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.scarx.net"; dns.query; content:"dns.scarx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1186, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams.doh.sb"; dns.query; content:"nl-ams.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1187, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sellan.fr"; dns.query; content:"dns.sellan.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1188, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muxyuji.ru"; dns.query; content:"muxyuji.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1189, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst1.absolight.net"; dns.query; content:"res-acst1.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1190, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst2.absolight.net"; dns.query; content:"res-acst2.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1191, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ueni.dyndns.org"; dns.query; content:"ueni.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1192, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.hottis.de"; dns.query; content:"doh.hottis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1193, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nullgate.net"; dns.query; content:"dns.nullgate.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1194, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pates.services.sfr.fr.casepp.sfr.fr"; dns.query; content:"pates.services.sfr.fr.casepp.sfr.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1195, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.kekew.info"; dns.query; content:"doh.kekew.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1196, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mihanentalpo.me"; dns.query; content:"dns.mihanentalpo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1197, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zrh1-ns01.monzoon.net"; dns.query; content:"zrh1-ns01.monzoon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1198, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.enjoymylife.net"; dns.query; content:"home.enjoymylife.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1199, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for project-evoex.de"; dns.query; content:"project-evoex.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1200, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.valscosmos.com"; dns.query; content:"doh.valscosmos.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1201, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neilzone.co.uk"; dns.query; content:"dns.neilzone.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1202, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.tezoi.com"; dns.query; content:"cloud.tezoi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1203, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neowutran.ovh"; dns.query; content:"dns.neowutran.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1204, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.freopc.fr"; dns.query; content:"dns.freopc.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1205, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mestdag.fr"; dns.query; content:"dns.mestdag.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1206, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maitrekuc.fr"; dns.query; content:"dns.maitrekuc.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1207, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.funil.de"; dns.query; content:"doh.funil.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1208, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.albony.xyz"; dns.query; content:"dns.albony.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1209, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skydragoness.com"; dns.query; content:"skydragoness.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1210, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.piekacz.pl"; dns.query; content:"adguard.piekacz.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1211, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.melvin2204.nl"; dns.query; content:"dns.melvin2204.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1212, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yuvelirtut.website"; dns.query; content:"yuvelirtut.website"; nocase; fast_pattern; classtype:bad-unknown; sid:27991213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1213, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yatima.tv"; dns.query; content:"dns.yatima.tv"; nocase; fast_pattern; classtype:bad-unknown; sid:27991214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1214, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.unasw.eu"; dns.query; content:"www.unasw.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1215, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ipoac.nl"; dns.query; content:"ipoac.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1216, updated_at 2025_02_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for echoe1yidzu4ioo5.myfritz.net"; dns.query; content:"echoe1yidzu4ioo5.myfritz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1217, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.pukanuragan.ru"; dns.query; content:"www.pukanuragan.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1218, updated_at 2025_04_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for callies-online.site"; dns.query; content:"callies-online.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1219, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.colorfreedom.org"; dns.query; content:"dns.colorfreedom.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1220, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pggns.de"; dns.query; content:"adguard.pggns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1221, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole3.hoerli.net"; dns.query; content:"pihole3.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1222, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for typaza.com"; dns.query; content:"typaza.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1223, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.schlagheck.berlin"; dns.query; content:"dns.schlagheck.berlin"; nocase; fast_pattern; classtype:bad-unknown; sid:27991224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1224, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yandex.ru"; dns.query; content:"dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1225, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.onlyfriends.info"; dns.query; content:"adguard.onlyfriends.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1226, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole1.hoerli.net"; dns.query; content:"pihole1.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1227, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.3wv.de"; dns.query; content:"dns.3wv.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1228, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lelux.fi"; dns.query; content:"lelux.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27991229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1229, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warpnine.de"; dns.query; content:"dns.warpnine.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1230, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gayanalysing.co.uk"; dns.query; content:"dns.gayanalysing.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1231, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve2.r9x.cc"; dns.query; content:"resolve2.r9x.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1232, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikeliu.org"; dns.query; content:"dns.mikeliu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1233, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tj.jamesxue.xyz"; dns.query; content:"tj.jamesxue.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1234, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cryptomize.com"; dns.query; content:"dns.cryptomize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1235, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsblock.grisumedia.de"; dns.query; content:"dnsblock.grisumedia.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1236, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.abraservice.xyz"; dns.query; content:"doh.abraservice.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1237, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg02.dnscry.pt"; dns.query; content:"hkg02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1238, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.maison.gifino.fr"; dns.query; content:"adguard.maison.gifino.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1239, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.depieri.net"; dns.query; content:"adguard.depieri.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1240, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.immanuelschaffer.de"; dns.query; content:"dns.immanuelschaffer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1241, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.clanto.cloud"; dns.query; content:"dns.clanto.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1242, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.adguard-dns.com"; dns.query; content:"d.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1243, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sidnlabs.nl"; dns.query; content:"doh.sidnlabs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1244, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic1.eth-services.de"; dns.query; content:"opennic1.eth-services.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1245, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.joey01245.nl"; dns.query; content:"dns.joey01245.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1246, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neubsi.at"; dns.query; content:"dns.neubsi.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1247, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cube.neubsi.at"; dns.query; content:"cube.neubsi.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1248, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pope.cnblw.me"; dns.query; content:"pope.cnblw.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1249, updated_at 2025_03_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fuchur.pentament.de"; dns.query; content:"fuchur.pentament.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1250, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for truta.org"; dns.query; content:"truta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1251, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.home.daniil.it"; dns.query; content:"dns.home.daniil.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1252, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic.tenta.io"; dns.query; content:"opennic.tenta.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1253, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iana.tenta.io"; dns.query; content:"iana.tenta.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1254, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sukidayo.eu.org"; dns.query; content:"sukidayo.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1255, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns.meituan.com"; dns.query; content:"httpdns.meituan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1256, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yameenassotally.com"; dns.query; content:"dns.yameenassotally.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1257, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mru01.dnscry.pt"; dns.query; content:"mru01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1258, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh-yz.russel053.com"; dns.query; content:"agh-yz.russel053.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1259, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-dns1.bancuh.com"; dns.query; content:"jp-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1260, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jiyi.eu"; dns.query; content:"dns.jiyi.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1261, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-malwaresec.nordthreatprotection.com"; dns.query; content:"dns-malwaresec.nordthreatprotection.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1262, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-cybersec.nordthreatprotection.com"; dns.query; content:"dns-cybersec.nordthreatprotection.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1263, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.gq"; dns.query; content:"ychen.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27991264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1264, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.max.net.id"; dns.query; content:"doh.max.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1265, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wyx.cloud"; dns.query; content:"wyx.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1266, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-nrt.doh.sb"; dns.query; content:"jp-nrt.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1267, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.infotek.net.id"; dns.query; content:"doh.infotek.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1268, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xyz"; dns.query; content:"doh.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1269, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gi.co.id"; dns.query; content:"dns.gi.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1270, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pernika.net"; dns.query; content:"dns.pernika.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1271, updated_at 2025_04_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for urology.wiki"; dns.query; content:"urology.wiki"; nocase; fast_pattern; classtype:bad-unknown; sid:27991272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1272, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mtoo.vip"; dns.query; content:"dns.mtoo.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27991273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1273, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.chungocoai.name.vn"; dns.query; content:"www.chungocoai.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1274, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.engineer.web.id"; dns.query; content:"dns.engineer.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1275, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.repinger.com"; dns.query; content:"dns.repinger.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1276, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cnetwork.cloud"; dns.query; content:"doh.cnetwork.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1277, updated_at 2025_03_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.spil.co.id"; dns.query; content:"dns.spil.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1278, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.teradns.org"; dns.query; content:"sg.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1279, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hakim.one"; dns.query; content:"dns.hakim.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1280, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nguyendn.com"; dns.query; content:"dns.nguyendn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1281, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.apemlegit.my.id"; dns.query; content:"d.apemlegit.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1282, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.goldplate.org"; dns.query; content:"dns.goldplate.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1283, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.zephyrus.id"; dns.query; content:"doh.zephyrus.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1284, updated_at 2025_01_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-ny-alula.heliumcloud.cc"; dns.query; content:"us-ny-alula.heliumcloud.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1285, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ashleyjackson.net"; dns.query; content:"dns.ashleyjackson.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1286, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d2.shabi.icu"; dns.query; content:"d2.shabi.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1287, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tlz.asia"; dns.query; content:"tlz.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1288, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.maxfong.cc"; dns.query; content:"www.maxfong.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1289, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warma.me"; dns.query; content:"dns.warma.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1290, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for comss.one"; dns.query; content:"comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1291, updated_at 2025_05_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o1.lt"; dns.query; content:"o1.lt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1292, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rayanbab.com"; dns.query; content:"dns.rayanbab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1293, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clearweb.woodbridge.club"; dns.query; content:"clearweb.woodbridge.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1294, updated_at 2025_05_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aerodrorne.vip"; dns.query; content:"aerodrorne.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27991295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1295, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.blogssl.com"; dns.query; content:"adguard.blogssl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1296, updated_at 2025_04_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alleesph.online"; dns.query; content:"alleesph.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1297, updated_at 2025_05_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole4.hoerli.net"; dns.query; content:"pihole4.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1298, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.princex.net"; dns.query; content:"dns.princex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1299, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.auapi.fun"; dns.query; content:"dns.auapi.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1300, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.runsel.id"; dns.query; content:"doh.runsel.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1301, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dgea.fr"; dns.query; content:"dns.dgea.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1302, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unerror.network"; dns.query; content:"dns.unerror.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27991303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1303, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lista.my.id"; dns.query; content:"dns.lista.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1304, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crypto.sx"; dns.query; content:"crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1305, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ahadns.net"; dns.query; content:"ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1306, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.sntrk.ru"; dns.query; content:"guard.sntrk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1307, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gztech.me"; dns.query; content:"gztech.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1308, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hanahira.dev"; dns.query; content:"dns.hanahira.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1309, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iki.my.id"; dns.query; content:"dns.iki.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1310, updated_at 2025_01_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xusqui.com"; dns.query; content:"dns.xusqui.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1311, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dooks.uk"; dns.query; content:"dns.dooks.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1312, updated_at 2025_01_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sparshbajaj.me"; dns.query; content:"adguard.sparshbajaj.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1313, updated_at 2025_04_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblockersite.com"; dns.query; content:"adblockersite.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1314, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for takhtakh.domyah.net"; dns.query; content:"takhtakh.domyah.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1315, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 003153.xyz"; dns.query; content:"003153.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1316, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d365.in"; dns.query; content:"dns.d365.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1317, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iamanuragh.in"; dns.query; content:"dns.iamanuragh.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1318, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vtcuong.site"; dns.query; content:"vtcuong.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1319, updated_at 2025_02_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaiwu.xyz"; dns.query; content:"kaiwu.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1320, updated_at 2025_01_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dltuykfgp.top"; dns.query; content:"www.dltuykfgp.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1321, updated_at 2025_05_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for armorrush.eu.org"; dns.query; content:"armorrush.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1322, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.repressoh.it"; dns.query; content:"dns.repressoh.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1323, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hannielzhang.com"; dns.query; content:"dns.hannielzhang.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1324, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.daemon.za.net"; dns.query; content:"dns.daemon.za.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1325, updated_at 2025_01_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.puredns.org"; dns.query; content:"family.puredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1326, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.twotigers.xyz"; dns.query; content:"adguard.twotigers.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1327, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsforfamily.com"; dns.query; content:"dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1328, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.com"; dns.query; content:"adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1329, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bobstrecansky.com"; dns.query; content:"dns.bobstrecansky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1330, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.f4a.fun"; dns.query; content:"dns.f4a.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1331, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bofh.in"; dns.query; content:"dns.bofh.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1332, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca.doh.cloudveil.org"; dns.query; content:"ca.doh.cloudveil.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1333, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.xinfeng16m.top"; dns.query; content:"agh.xinfeng16m.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1334, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kxy.ink"; dns.query; content:"dns.kxy.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27991335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1335, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tracker.ink"; dns.query; content:"dns.tracker.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27991336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1336, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkname.freecdn.one"; dns.query; content:"hkname.freecdn.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1337, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r1bnc.com"; dns.query; content:"r1bnc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1338, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chilimac.net"; dns.query; content:"dns.chilimac.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1339, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.jsanagustin.net"; dns.query; content:"adguard1.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1340, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wirimij.nl"; dns.query; content:"adguard.wirimij.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1341, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lashes-brow.ru"; dns.query; content:"dns.lashes-brow.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1342, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.bonsirven.eu"; dns.query; content:"adguard.bonsirven.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1343, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gambini.org"; dns.query; content:"adguard.gambini.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1344, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for area51.mywire.org"; dns.query; content:"area51.mywire.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1345, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cwlys.com"; dns.query; content:"dns.cwlys.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1346, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fwgw.orangepipc.mywire.org"; dns.query; content:"fwgw.orangepipc.mywire.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1347, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jundev.org"; dns.query; content:"dns.jundev.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1348, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keke125.com"; dns.query; content:"dns.keke125.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1349, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ares-taiwan.com"; dns.query; content:"dns.ares-taiwan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1350, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.soldier.terumi.club"; dns.query; content:"dns.soldier.terumi.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1351, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.indust.me"; dns.query; content:"dns.indust.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1352, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cloudmini.net"; dns.query; content:"adguard.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1353, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ihatemy.live"; dns.query; content:"adguard.ihatemy.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27991354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1354, updated_at 2025_01_08;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ihaveacloud.com"; dns.query; content:"dns.ihaveacloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1355, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.cf"; dns.query; content:"ychen.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1356, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hujiayucc.cn"; dns.query; content:"dns.hujiayucc.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1357, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for h.gjrick.tw"; dns.query; content:"h.gjrick.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1358, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tungdnsne.duckdns.org"; dns.query; content:"tungdnsne.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1359, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.david888.com"; dns.query; content:"dns.david888.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1360, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.scapetical.com"; dns.query; content:"dns.scapetical.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1361, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.samutz.com"; dns.query; content:"cloud.samutz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1362, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huyhoangit.net"; dns.query; content:"dns.huyhoangit.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1363, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pesaventofilippo.com"; dns.query; content:"dns.pesaventofilippo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1364, updated_at 2025_03_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.guidocioni.it"; dns.query; content:"dns2.guidocioni.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1365, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.datamatter.co.za"; dns.query; content:"pihole.datamatter.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27991366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1366, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for switch.ch"; dns.query; content:"switch.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1367, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.tzockt.beer"; dns.query; content:"ad.tzockt.beer"; nocase; fast_pattern; classtype:bad-unknown; sid:27991368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1368, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mainframe.dewed.de"; dns.query; content:"mainframe.dewed.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1369, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bigora2.vuhai.de"; dns.query; content:"bigora2.vuhai.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1370, updated_at 2024_11_08;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.jeroenhd.nl"; dns.query; content:"doh.jeroenhd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1371, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ha-dvin.pp.ua"; dns.query; content:"dns.ha-dvin.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1372, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.theres.one"; dns.query; content:"dns.theres.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1373, updated_at 2025_03_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.txq.life"; dns.query; content:"dns.txq.life"; nocase; fast_pattern; classtype:bad-unknown; sid:27991374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1374, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keithchung.hopto.org"; dns.query; content:"keithchung.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1375, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vmath.my.id"; dns.query; content:"dns.vmath.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1376, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for emby.rasp.tv"; dns.query; content:"emby.rasp.tv"; nocase; fast_pattern; classtype:bad-unknown; sid:27991377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1377, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nenam.eu"; dns.query; content:"nenam.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1378, updated_at 2025_03_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.filipccz.eu"; dns.query; content:"dns.filipccz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1379, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for krtekvpn.duckdns.org"; dns.query; content:"krtekvpn.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1380, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ines.zfn.uni-bremen.de"; dns.query; content:"ines.zfn.uni-bremen.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1381, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole2.hoerli.net"; dns.query; content:"pihole2.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1382, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.simplylinux.ch"; dns.query; content:"dns.simplylinux.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1383, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver-eu.haringstad.com"; dns.query; content:"resolver-eu.haringstad.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1384, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v.dnscrypt.uk"; dns.query; content:"v.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1385, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.olpploiopkuyhiopsfrt.info"; dns.query; content:"dns.olpploiopkuyhiopsfrt.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1386, updated_at 2025_01_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maolaohei.xyz"; dns.query; content:"dns.maolaohei.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1387, updated_at 2025_03_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kusoneko.moe"; dns.query; content:"dns.kusoneko.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1388, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edison42.dev"; dns.query; content:"dns.edison42.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1389, updated_at 2025_03_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tuandns.duckdns.org"; dns.query; content:"tuandns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1390, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moonssif.com"; dns.query; content:"dns.moonssif.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1391, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm.mytm.cc"; dns.query; content:"vm.mytm.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1392, updated_at 2025_01_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns1.lonet.org"; dns.query; content:"doh.dns1.lonet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1393, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.almir1904.eu"; dns.query; content:"dns.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1394, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns-ga.de"; dns.query; content:"doh.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1395, updated_at 2025_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.in.newpangea.de"; dns.query; content:"dns1.in.newpangea.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1396, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for michelo.line.pm"; dns.query; content:"michelo.line.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27991397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1397, updated_at 2024_11_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.au.newpangea.de"; dns.query; content:"dns1.au.newpangea.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1398, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.toairs.com"; dns.query; content:"d.toairs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1399, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr1.ooroot.com"; dns.query; content:"kr1.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1400, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tienpham.id.vn"; dns.query; content:"tienpham.id.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1401, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr2.ooroot.com"; dns.query; content:"kr2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1402, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.haneulo.com"; dns.query; content:"adguard.haneulo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1403, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ellichua.com"; dns.query; content:"dns.ellichua.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1404, updated_at 2025_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.linkr.ninja"; dns.query; content:"dns.linkr.ninja"; nocase; fast_pattern; classtype:bad-unknown; sid:27991405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1405, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sscw.win"; dns.query; content:"adguard.sscw.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1406, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.porteii.com"; dns.query; content:"dns.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1407, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.zpn.me"; dns.query; content:"a.zpn.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1408, updated_at 2025_01_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for esel.stusta.mhn.de"; dns.query; content:"esel.stusta.mhn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1409, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muli.stusta.mhn.de"; dns.query; content:"muli.stusta.mhn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1410, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-tyo-w-p-1.nashkan.net"; dns.query; content:"jp-tyo-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1411, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.klcd.eu"; dns.query; content:"dns1.klcd.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1412, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pierzchlewicz.pl"; dns.query; content:"dns.pierzchlewicz.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1413, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.indianets.net"; dns.query; content:"adblock.indianets.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1414, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hole.elbschloss.xyz"; dns.query; content:"hole.elbschloss.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1415, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alvosec.com"; dns.query; content:"dns.alvosec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1416, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfiltro.fun"; dns.query; content:"adfiltro.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1417, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cornes.me"; dns.query; content:"doh.cornes.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1418, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for in-blr.doh.sb"; dns.query; content:"in-blr.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1419, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sbdns.co.in"; dns.query; content:"sbdns.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1420, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.workfordemo.co.in"; dns.query; content:"agh.workfordemo.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1421, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.klcd.eu"; dns.query; content:"dns2.klcd.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1422, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.wewitro.net"; dns.query; content:"doh.wewitro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1423, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hitian.me"; dns.query; content:"hitian.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1424, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ca.naftalie.net"; dns.query; content:"doh-ca.naftalie.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1425, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd.doh.sb"; dns.query; content:"au-syd.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1426, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.korzhyk.pp.ua"; dns.query; content:"dns.korzhyk.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1427, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dekedin.me"; dns.query; content:"dns.dekedin.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1428, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.futa.app"; dns.query; content:"doh.futa.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1429, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dotdns.cryptroute.com"; dns.query; content:"dotdns.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1430, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fra.doh.sb"; dns.query; content:"de-fra.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1431, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for galileo.math.unipd.it"; dns.query; content:"galileo.math.unipd.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1432, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fnt01.dnscry.pt"; dns.query; content:"fnt01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1433, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikrotikrumahan.my.id"; dns.query; content:"dns.mikrotikrumahan.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1434, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.funtopia.tv"; dns.query; content:"doh.funtopia.tv"; nocase; fast_pattern; classtype:bad-unknown; sid:27991435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1435, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.886886886.xyz"; dns.query; content:"dns.886886886.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1436, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ours.luxe"; dns.query; content:"dns.ours.luxe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1437, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skrep.in"; dns.query; content:"dns.skrep.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1438, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.354688.xyz"; dns.query; content:"dns.354688.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1439, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hotta.page"; dns.query; content:"dns.hotta.page"; nocase; fast_pattern; classtype:bad-unknown; sid:27991440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1440, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sstomp.nl"; dns.query; content:"dns.sstomp.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1441, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jabber-germany.de"; dns.query; content:"jabber-germany.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1442, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dotnet.win"; dns.query; content:"dns.dotnet.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1443, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloud88.com.au"; dns.query; content:"dns.cloud88.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1444, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jkdns.me"; dns.query; content:"jkdns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1445, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.zachitect.com"; dns.query; content:"adguard.zachitect.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1446, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.techeasy.org"; dns.query; content:"dns1.techeasy.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1447, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oraclejp2.chungyu.com"; dns.query; content:"oraclejp2.chungyu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1448, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.cbio.top"; dns.query; content:"dns2.cbio.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1449, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home27.duckdns.org"; dns.query; content:"home27.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1450, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hugo0.moe"; dns.query; content:"dns.hugo0.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1451, updated_at 2024_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.janl.eu"; dns.query; content:"dns.janl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1452, updated_at 2025_01_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk2.ooroot.com"; dns.query; content:"hk2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1453, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.dotls.org"; dns.query; content:"ns1.dotls.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1454, updated_at 2025_02_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure-dns.pleumkungz.com"; dns.query; content:"secure-dns.pleumkungz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1455, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp2.ooroot.com"; dns.query; content:"jp2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1456, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.huyct.net"; dns.query; content:"ad.huyct.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1457, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xenergy.cc"; dns.query; content:"xenergy.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1458, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.justinnetworkingsolutions.com"; dns.query; content:"dns.justinnetworkingsolutions.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1459, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ttag.dns.nomu.pw"; dns.query; content:"ttag.dns.nomu.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1460, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do.shimul.me"; dns.query; content:"do.shimul.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1461, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.johanliebert.top"; dns.query; content:"adguard.johanliebert.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1462, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.abdullahabas.de"; dns.query; content:"dns.abdullahabas.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1463, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-primary-pool.goodbyegambling.com"; dns.query; content:"doh-primary-pool.goodbyegambling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1464, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huseynov.work"; dns.query; content:"dns.huseynov.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1465, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lvolland.fr"; dns.query; content:"dns.lvolland.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1466, updated_at 2025_02_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b33.space"; dns.query; content:"dns.b33.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1467, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fezgate.ovh"; dns.query; content:"fezgate.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1468, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh.cloudflare-dns.com"; dns.query; content:"odoh.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1469, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dooh.cloudflare-dns.com"; dns.query; content:"dooh.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1470, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zemows.industries"; dns.query; content:"dns.zemows.industries"; nocase; fast_pattern; classtype:bad-unknown; sid:27991471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1471, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-fr-psv1.cloudsides.com"; dns.query; content:"dns-fr-psv1.cloudsides.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1472, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra1.eyecay.xyz"; dns.query; content:"fra1.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1473, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-sin.doh.sb"; dns.query; content:"sg-sin.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1474, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for easyhandshake.com"; dns.query; content:"easyhandshake.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1475, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnscrypt.uk"; dns.query; content:"doh.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1476, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do.dnscrypt.uk"; dns.query; content:"do.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1477, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.coderoria.com"; dns.query; content:"dns.coderoria.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1478, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vinnyp.xyz"; dns.query; content:"dns.vinnyp.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1479, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fullaccesstointernet.jp.eu.org"; dns.query; content:"dns.fullaccesstointernet.jp.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1480, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.renardyre.com"; dns.query; content:"dns.renardyre.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1481, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hinet.net"; dns.query; content:"dns.hinet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1482, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpdns.cola16.app"; dns.query; content:"jpdns.cola16.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1483, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chromeina.top"; dns.query; content:"dns.chromeina.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1484, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.tooli.ca"; dns.query; content:"dot.tooli.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1485, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg2.ooroot.com"; dns.query; content:"sg2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1486, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp1.f7b6h9.tk"; dns.query; content:"jp1.f7b6h9.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1487, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.micronets.in"; dns.query; content:"doh.micronets.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1488, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.mtsoln.com"; dns.query; content:"ns.mtsoln.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1489, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dallinbryce.com"; dns.query; content:"dns.dallinbryce.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1490, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for comss.ru"; dns.query; content:"comss.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1491, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ovpn.bond"; dns.query; content:"dns.ovpn.bond"; nocase; fast_pattern; classtype:bad-unknown; sid:27991492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1492, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.horcrux.vip"; dns.query; content:"dns.horcrux.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27991493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1493, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pccoach.nl"; dns.query; content:"dns.pccoach.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1494, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.hartley.cloud"; dns.query; content:"adguard.hartley.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1495, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.scott-smith.us"; dns.query; content:"dns.scott-smith.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1496, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2.xx3210766.live"; dns.query; content:"v2.xx3210766.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27991497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1497, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.glorydns.com"; dns.query; content:"dns.glorydns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1498, updated_at 2025_03_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.dns.privex.io"; dns.query; content:"de.dns.privex.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1499, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jichi.io"; dns.query; content:"dns.jichi.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1500, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vinokurov.tk"; dns.query; content:"dns.vinokurov.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1501, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.marschi.de"; dns.query; content:"ag.marschi.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1502, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privado.ovh"; dns.query; content:"dns.privado.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1503, updated_at 2025_02_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blockerads.multimediaconcept.fr"; dns.query; content:"blockerads.multimediaconcept.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1504, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chadeyron.fr"; dns.query; content:"dns.chadeyron.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1505, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vd.i81.ru"; dns.query; content:"vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1506, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dnsadguard.co.uk"; dns.query; content:"www.dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1507, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jurre-home.duckdns.org"; dns.query; content:"jurre-home.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1508, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keweon.center"; dns.query; content:"dns.keweon.center"; nocase; fast_pattern; classtype:bad-unknown; sid:27991509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1509, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.msxnet.ru"; dns.query; content:"dns.msxnet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1510, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 5g.o0o.re"; dns.query; content:"5g.o0o.re"; nocase; fast_pattern; classtype:bad-unknown; sid:27991511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1511, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for punono.duckdns.org"; dns.query; content:"punono.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1512, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ee-tll.doh.sb"; dns.query; content:"ee-tll.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1513, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk-lon.doh.sb"; dns.query; content:"uk-lon.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1514, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.port53.dk"; dns.query; content:"doh.port53.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1515, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-cov-w-p-1.nashkan.net"; dns.query; content:"gb-cov-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1516, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-cov-w-f-1.nashkan.net"; dns.query; content:"gb-cov-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1517, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns4.opennameserver.org"; dns.query; content:"ns4.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1518, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.daarrk.tech"; dns.query; content:"dns.daarrk.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1519, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n5.lsasss.com"; dns.query; content:"n5.lsasss.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1520, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.psociety.de"; dns.query; content:"dns.psociety.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1521, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lesuo.top"; dns.query; content:"lesuo.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1522, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bw.i81.ru"; dns.query; content:"dns.bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1523, updated_at 2024_11_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cynntex.fun"; dns.query; content:"cynntex.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1524, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.npe.bz"; dns.query; content:"dns.npe.bz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1525, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.grqu.de"; dns.query; content:"dns.grqu.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1526, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.saferbfc.org"; dns.query; content:"dns2.saferbfc.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1527, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hanmey.de"; dns.query; content:"dns.hanmey.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1528, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.listo.click"; dns.query; content:"dns.listo.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27991529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1529, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wahr.top"; dns.query; content:"dns.wahr.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1530, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b-ii.com"; dns.query; content:"b-ii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1531, updated_at 2024_12_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.totoro.pub"; dns.query; content:"doh.totoro.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27991532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1532, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.trust404.win"; dns.query; content:"dns.trust404.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1533, updated_at 2025_04_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ruby.ci"; dns.query; content:"adguard.ruby.ci"; nocase; fast_pattern; classtype:bad-unknown; sid:27991534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1534, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for den01.dnscry.pt"; dns.query; content:"den01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1535, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iamninja.ru"; dns.query; content:"dns.iamninja.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1536, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.marto.si"; dns.query; content:"adguard.marto.si"; nocase; fast_pattern; classtype:bad-unknown; sid:27991537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1537, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zxcvb.pp.ua"; dns.query; content:"zxcvb.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1538, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.leenit.kr"; dns.query; content:"adblock.leenit.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1539, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.technostriker.com"; dns.query; content:"dns.technostriker.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1540, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moulticast.net"; dns.query; content:"dns.moulticast.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1541, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for morbitzer.de"; dns.query; content:"morbitzer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1542, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.suche.org"; dns.query; content:"doh.suche.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1543, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for net01.youcef.io"; dns.query; content:"net01.youcef.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1544, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.flodns.net"; dns.query; content:"ns1.flodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1545, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.flodns.net"; dns.query; content:"ns2.flodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1546, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams2.doh.sb"; dns.query; content:"nl-ams2.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1547, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kilabit.info"; dns.query; content:"kilabit.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1548, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tributh.net"; dns.query; content:"tributh.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1549, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aeiou.pp.ua"; dns.query; content:"dns.aeiou.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1550, updated_at 2025_05_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cubedns.com"; dns.query; content:"cubedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1551, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pizzari.me"; dns.query; content:"dns.pizzari.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1552, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for naganohara-yoimiya.momokko.moe"; dns.query; content:"naganohara-yoimiya.momokko.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1553, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.doh.cloudveil.org"; dns.query; content:"us.doh.cloudveil.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1554, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-privacy.puregeni.us"; dns.query; content:"dns-privacy.puregeni.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1555, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.fltn.us"; dns.query; content:"agh.fltn.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1556, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-kix.doh.sb"; dns.query; content:"jp-kix.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1557, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.furrydns.de"; dns.query; content:"dns.furrydns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1558, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pangerl.it"; dns.query; content:"adguard.pangerl.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1559, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hostdare.qtxd.net"; dns.query; content:"hostdare.qtxd.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1560, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns-sc.aliyuncs.com"; dns.query; content:"httpdns-sc.aliyuncs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1561, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.infracell.net"; dns.query; content:"doh.infracell.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1562, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iij.jp"; dns.query; content:"iij.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27991563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1563, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.leadmon.net"; dns.query; content:"adguard1.leadmon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1564, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdns22.gkonuralp.com"; dns.query; content:"sdns22.gkonuralp.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1565, updated_at 2025_03_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xholgm.top"; dns.query; content:"xholgm.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1566, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb.aadityakushwaha.com"; dns.query; content:"adb.aadityakushwaha.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1567, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudtrust.solutions"; dns.query; content:"dns.cloudtrust.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27991568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1568, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sandbox.opendns.com"; dns.query; content:"sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1569, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for familyshield.opendns.com"; dns.query; content:"familyshield.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1570, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.opendns.com"; dns.query; content:"dns.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1571, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dyn1.de"; dns.query; content:"dns.dyn1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1572, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.atakorah.com"; dns.query; content:"adguardhome.atakorah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1573, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.quickline.ch"; dns.query; content:"dot.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1574, updated_at 2025_05_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.conne.net"; dns.query; content:"dns1.conne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1575, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mo0on15.com"; dns.query; content:"dns.mo0on15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1576, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.technicule.info"; dns.query; content:"vpn.technicule.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1577, updated_at 2024_12_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.kooman.org"; dns.query; content:"doh.kooman.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1578, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.norvig.dk"; dns.query; content:"dns.norvig.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1579, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lgprk.com"; dns.query; content:"dns.lgprk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1580, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyc.doh.sb"; dns.query; content:"ca-yyc.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1581, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpsus3.pzhg.me"; dns.query; content:"vpsus3.pzhg.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1582, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br.servers.legat.ml"; dns.query; content:"br.servers.legat.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1583, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscache0.ns71.net"; dns.query; content:"dnscache0.ns71.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1584, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ronc.ru"; dns.query; content:"dns.ronc.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1585, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testguard.meexx.de"; dns.query; content:"testguard.meexx.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1586, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for inpssh.online"; dns.query; content:"inpssh.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1587, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hshh.org"; dns.query; content:"hshh.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1588, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.printk.info"; dns.query; content:"agh.printk.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1589, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscache.e-utp.net"; dns.query; content:"dnscache.e-utp.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1590, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.morbitzer.de"; dns.query; content:"www.morbitzer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1591, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nat64.tuxis.nl"; dns.query; content:"nat64.tuxis.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1592, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock-dot.dnswarden.com"; dns.query; content:"adblock-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1593, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adult-filter-dot.dnswarden.com"; dns.query; content:"adult-filter-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1594, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitgeek.in"; dns.query; content:"dns.bitgeek.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1595, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnses.alekberg.net"; dns.query; content:"dnses.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1596, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.larsdebruin.net"; dns.query; content:"dns.larsdebruin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1597, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nixnet.xyz"; dns.query; content:"dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1598, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.au.ahadns.net"; dns.query; content:"doh.au.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1599, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.blockerdns.com"; dns.query; content:"doh.blockerdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1600, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.netweaver.uk"; dns.query; content:"doh.netweaver.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1601, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pi-dns.com"; dns.query; content:"doh.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1602, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.securedns.eu"; dns.query; content:"dot.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1603, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ecs-doh.dnswarden.com"; dns.query; content:"ecs-doh.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1604, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jarjar.meganerd.nl"; dns.query; content:"jarjar.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1605, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for steering.nextdns.io"; dns.query; content:"steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1606, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored-dot.dnswarden.com"; dns.query; content:"uncensored-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1607, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.dns.seby.io"; dns.query; content:"2.dnscrypt-cert.dns.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1608, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-api.fe.apple-dns.net"; dns.query; content:"mask-api.fe.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1609, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.umbrella.com"; dns.query; content:"dns.umbrella.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1610, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-03.spectrum.com"; dns.query; content:"doh-03.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1611, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.glsoft.ai"; dns.query; content:"dns.glsoft.ai"; nocase; fast_pattern; classtype:bad-unknown; sid:27991612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1612, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for krdns.cola16.app"; dns.query; content:"krdns.cola16.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1613, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-01.hir.app"; dns.query; content:"dns-01.hir.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1614, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jluo.app"; dns.query; content:"dns.jluo.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1615, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nieto.app"; dns.query; content:"dns.nieto.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1616, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.streamvine.app"; dns.query; content:"dns.streamvine.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1617, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for telex.app"; dns.query; content:"telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1618, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwh2.telex.app"; dns.query; content:"bwh2.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1619, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.telex.app"; dns.query; content:"sg.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1620, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sh.telex.app"; dns.query; content:"sh.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1621, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.wiqi.app"; dns.query; content:"ad.wiqi.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1622, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jst.gob.ar"; dns.query; content:"dns.jst.gob.ar"; nocase; fast_pattern; classtype:bad-unknown; sid:27991623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1623, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outdoor.v6.army"; dns.query; content:"outdoor.v6.army"; nocase; fast_pattern; classtype:bad-unknown; sid:27991624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1624, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdoh.art"; dns.query; content:"dnsdoh.art"; nocase; fast_pattern; classtype:bad-unknown; sid:27991625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1625, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yu-dns.art"; dns.query; content:"yu-dns.art"; nocase; fast_pattern; classtype:bad-unknown; sid:27991626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1626, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for railgun.lingzero.asia"; dns.query; content:"railgun.lingzero.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1627, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qwqawa.asia"; dns.query; content:"dns.qwqawa.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1628, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.s0ra.asia"; dns.query; content:"dns.s0ra.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1629, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.sh16.asia"; dns.query; content:"kr.sh16.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1630, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.timochan.asia"; dns.query; content:"dns.timochan.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1631, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.timochan.asia"; dns.query; content:"dot.timochan.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1632, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tetra.aeins.at"; dns.query; content:"tetra.aeins.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1633, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kloiber.co.at"; dns.query; content:"dns.kloiber.co.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1634, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.kloiber.co.at"; dns.query; content:"dns2.kloiber.co.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1635, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dahamnw.at"; dns.query; content:"dahamnw.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1636, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.family.fraiss.at"; dns.query; content:"dns.family.fraiss.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1637, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kudns.kescher.at"; dns.query; content:"kudns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1638, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tekno.at"; dns.query; content:"tekno.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1639, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xfer.au"; dns.query; content:"xfer.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1640, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.dz.ax"; dns.query; content:"adg.dz.ax"; nocase; fast_pattern; classtype:bad-unknown; sid:27991641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1641, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.znit.net.bd"; dns.query; content:"ns1.znit.net.bd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1642, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 9132706292.cloudns.be"; dns.query; content:"9132706292.cloudns.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1643, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.9132706292.cloudns.be"; dns.query; content:"a.9132706292.cloudns.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1644, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.9132706292.cloudns.be"; dns.query; content:"i.9132706292.cloudns.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1645, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for j.9132706292.cloudns.be"; dns.query; content:"j.9132706292.cloudns.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1646, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r.9132706292.cloudns.be"; dns.query; content:"r.9132706292.cloudns.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1647, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcbrdh8v6m.digitallink.be"; dns.query; content:"pcbrdh8v6m.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1648, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for smartphone-niels.pcbrdh8v6m.digitallink.be"; dns.query; content:"smartphone-niels.pcbrdh8v6m.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1649, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for smartphone-saskia.pcbrdh8v6m.digitallink.be"; dns.query; content:"smartphone-saskia.pcbrdh8v6m.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1650, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rome.digitallink.be"; dns.query; content:"rome.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1651, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.digitallink.be"; dns.query; content:"www.digitallink.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1652, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fifux.be"; dns.query; content:"dns.fifux.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1653, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.housedenolf.be"; dns.query; content:"dns.housedenolf.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1654, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jimirobaer.be"; dns.query; content:"dns.jimirobaer.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1655, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.teckhawk.be"; dns.query; content:"dns.teckhawk.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1656, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.best"; dns.query; content:"doh.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27991657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1657, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for appart.yoannchappaz.best"; dns.query; content:"appart.yoannchappaz.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27991658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1658, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle001.330k.biz"; dns.query; content:"oracle001.330k.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1659, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aminetwork.biz"; dns.query; content:"adguard.aminetwork.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1660, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nubecita.biz"; dns.query; content:"dns.nubecita.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1661, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nubecita.biz"; dns.query; content:"dns2.nubecita.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1662, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.rokh.biz"; dns.query; content:"adg.rokh.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1663, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for casa1.www1.biz"; dns.query; content:"casa1.www1.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1664, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for allain.com.br"; dns.query; content:"allain.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1665, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kdgnkjho4od8w40.americasnet.com.br"; dns.query; content:"kdgnkjho4od8w40.americasnet.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1666, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.epace.com.br"; dns.query; content:"dns.epace.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1667, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.gugainfo.com.br"; dns.query; content:"blackhole.gugainfo.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1668, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssp.koretech.com.br"; dns.query; content:"dnssp.koretech.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1669, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arrakis.korolyzer.com.br"; dns.query; content:"arrakis.korolyzer.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1670, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lothuscorp.com.br"; dns.query; content:"lothuscorp.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1671, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.madeconengenharia.com.br"; dns.query; content:"adguard.madeconengenharia.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1672, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mariasantana.com.br"; dns.query; content:"dns.mariasantana.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1673, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oceanprint.com.br"; dns.query; content:"dns.oceanprint.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1674, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns02.oceanprint.com.br"; dns.query; content:"dns02.oceanprint.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1675, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.servidorcasa.com.br"; dns.query; content:"adguard.servidorcasa.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1676, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skynetinternet.com.br"; dns.query; content:"skynetinternet.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1677, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for speedtest.skynetinternet.com.br"; dns.query; content:"speedtest.skynetinternet.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1678, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.skynetinternet.com.br"; dns.query; content:"www.skynetinternet.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1679, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br.lfac.net.br"; dns.query; content:"br.lfac.net.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1680, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-br.leonardo.tec.br"; dns.query; content:"dns-br.leonardo.tec.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1681, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wwwdjl.buzz"; dns.query; content:"dns.wwwdjl.buzz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1682, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edgeworkssystems.ca"; dns.query; content:"dns.edgeworkssystems.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1683, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.karanovic.ca"; dns.query; content:"dns.karanovic.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1684, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nukys.ca"; dns.query; content:"doh.nukys.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1685, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for router.sapib.ca"; dns.query; content:"router.sapib.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1686, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tapawan.ca"; dns.query; content:"dns.tapawan.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1687, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tbnk.ca"; dns.query; content:"dns.tbnk.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1688, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nydns.omada.cafe"; dns.query; content:"nydns.omada.cafe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1689, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.iranet.cam"; dns.query; content:"doh.iranet.cam"; nocase; fast_pattern; classtype:bad-unknown; sid:27991690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1690, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pds.cfornas.casa"; dns.query; content:"pds.cfornas.casa"; nocase; fast_pattern; classtype:bad-unknown; sid:27991691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1691, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kintoun.alves.cc"; dns.query; content:"kintoun.alves.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1692, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ayrespace.cc"; dns.query; content:"adguard.ayrespace.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1693, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dedsec.cc"; dns.query; content:"dns.dedsec.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1694, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.dnsovertor.cc"; dns.query; content:"adguard2.dnsovertor.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1695, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnsovertor.cc"; dns.query; content:"doh.dnsovertor.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1696, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dash.flylcc.cc"; dns.query; content:"dash.flylcc.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1697, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for life.flylcc.cc"; dns.query; content:"life.flylcc.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1698, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v7.frame-one.cc"; dns.query; content:"v7.frame-one.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1699, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v8.frame-one.cc"; dns.query; content:"v8.frame-one.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1700, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for funti.cc"; dns.query; content:"funti.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1701, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for futurearts.cc"; dns.query; content:"futurearts.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1702, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.hansj.cc"; dns.query; content:"d.hansj.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1703, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.hxhd.cc"; dns.query; content:"d.hxhd.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1704, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.idelta.cc"; dns.query; content:"dns.idelta.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1705, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.irrelevant.cc"; dns.query; content:"vps.irrelevant.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1706, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jnmj.cc"; dns.query; content:"dns.jnmj.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1707, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bt.luoo.cc"; dns.query; content:"bt.luoo.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1708, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maxfong.cc"; dns.query; content:"maxfong.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1709, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nekofish.cc"; dns.query; content:"dns.nekofish.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1710, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neonteam.cc"; dns.query; content:"dns.neonteam.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1711, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.niccoli.cc"; dns.query; content:"dns.niccoli.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1712, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nonomi.cc"; dns.query; content:"dns.nonomi.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1713, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.plop.cc"; dns.query; content:"doh.plop.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1714, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v.qdev.cc"; dns.query; content:"v.qdev.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1715, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.seaotter.cc"; dns.query; content:"dns.seaotter.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1716, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shalenkov.cc"; dns.query; content:"shalenkov.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1717, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sledge.cc"; dns.query; content:"dns.sledge.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1718, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vlo.cc"; dns.query; content:"dns.vlo.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1719, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns140.zhhz.cc"; dns.query; content:"dns140.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1720, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns168.zhhz.cc"; dns.query; content:"dns168.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1721, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for main.zhhz.cc"; dns.query; content:"main.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1722, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ux.go20.cf"; dns.query; content:"ux.go20.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1723, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.xkong.cf"; dns.query; content:"a.xkong.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1724, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.zephyrsec.cfd"; dns.query; content:"doh.zephyrsec.cfd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1725, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ajlxwk4kedu5.absq.ch"; dns.query; content:"ajlxwk4kedu5.absq.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1726, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pebdbvi58gbc.absq.ch"; dns.query; content:"pebdbvi58gbc.absq.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1727, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.jabertechnologies.ch"; dns.query; content:"adg.jabertechnologies.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1728, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quickline.ch"; dns.query; content:"dns.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1729, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-cache.switch.ch"; dns.query; content:"dns-cache.switch.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1730, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-cache2.switch.ch"; dns.query; content:"dns-cache2.switch.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1731, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-1.trust2it.ch"; dns.query; content:"dns-1.trust2it.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1732, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-2.trust2it.ch"; dns.query; content:"dns-2.trust2it.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1733, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pointless.chat"; dns.query; content:"dns.pointless.chat"; nocase; fast_pattern; classtype:bad-unknown; sid:27991734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1734, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.michelo.cl"; dns.query; content:"dns.michelo.cl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1735, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for katherine-dns.newcore.cl"; dns.query; content:"katherine-dns.newcore.cl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1736, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for as17820865.click"; dns.query; content:"as17820865.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27991737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1737, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vancrafter.click"; dns.query; content:"dns.vancrafter.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27991738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1738, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardsecure.cloud"; dns.query; content:"adguardsecure.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1739, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.audet.cloud"; dns.query; content:"dns.audet.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1740, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for friend.bedro.cloud"; dns.query; content:"friend.bedro.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1741, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dsns.cloud"; dns.query; content:"adguard.dsns.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1742, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.dsns.cloud"; dns.query; content:"adguard2.dsns.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1743, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.h0schi.cloud"; dns.query; content:"dns.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1744, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.h0schi.cloud"; dns.query; content:"dns2.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1745, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jaydub.cloud"; dns.query; content:"adguard.jaydub.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1746, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.krol.cloud"; dns.query; content:"dns.krol.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1747, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lilith.cloud"; dns.query; content:"dns.lilith.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1748, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ltse.cloud"; dns.query; content:"dns.ltse.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1749, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mesterdodh.cloud"; dns.query; content:"dns.mesterdodh.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1750, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neoland.cloud"; dns.query; content:"neoland.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1751, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nexen.cloud"; dns.query; content:"doh.nexen.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1752, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for snafflefang.obn.cloud"; dns.query; content:"snafflefang.obn.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1753, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stud.cloud"; dns.query; content:"dns.stud.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1754, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.stud.cloud"; dns.query; content:"www.dns.stud.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1755, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thd2020.cloud"; dns.query; content:"dns.thd2020.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1756, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.thefather.cloud"; dns.query; content:"guard.thefather.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1757, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thore.cloud"; dns.query; content:"dns.thore.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1758, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 4yix.l.time4vps.cloud"; dns.query; content:"4yix.l.time4vps.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1759, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls.vietguards.cloud"; dns.query; content:"tls.vietguards.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1760, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.vosjes.cloud"; dns.query; content:"vpn.vosjes.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1761, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-dns.zmy.cloud"; dns.query; content:"dot-dns.zmy.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1762, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns.clubbase.club"; dns.query; content:"addns.clubbase.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1763, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fsociety.club"; dns.query; content:"dns.fsociety.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1764, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blade.lixd.club"; dns.query; content:"blade.lixd.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1765, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for meowless.club"; dns.query; content:"meowless.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1766, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.citystars.cn"; dns.query; content:"dns.citystars.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1767, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.ciwer.cn"; dns.query; content:"ns.ciwer.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1768, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gc.cyberbeta.cn"; dns.query; content:"gc.cyberbeta.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1769, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.guyifei.cn"; dns.query; content:"nas.guyifei.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1770, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gx.gx.cn"; dns.query; content:"adguard.gx.gx.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1771, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.adguard.gx.gx.cn"; dns.query; content:"www.adguard.gx.gx.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1772, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.hugang8.cn"; dns.query; content:"doh.hugang8.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1773, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for huntllcx.cn"; dns.query; content:"huntllcx.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1774, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iozoi.cn"; dns.query; content:"iozoi.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1775, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jerryw.cn"; dns.query; content:"dns.jerryw.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1776, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.jhsweetheart.cn"; dns.query; content:"adg.jhsweetheart.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1777, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpc.adg.jhsweetheart.cn"; dns.query; content:"vpc.adg.jhsweetheart.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1778, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ljk.kkizz.cn"; dns.query; content:"ljk.kkizz.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1779, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kuxuanyun.cn"; dns.query; content:"dns.kuxuanyun.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1780, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dn.kyay006.cn"; dns.query; content:"dn.kyay006.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1781, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gzdns.lyjfy.cn"; dns.query; content:"gzdns.lyjfy.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1782, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myv2ray.cn"; dns.query; content:"myv2ray.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1783, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for route.netshi.cn"; dns.query; content:"route.netshi.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1784, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.sc92.cn"; dns.query; content:"us.sc92.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1785, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skaco.cn"; dns.query; content:"dns.skaco.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1786, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.smikuy.cn"; dns.query; content:"dns.smikuy.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1787, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tefuir0829.cn"; dns.query; content:"dns.tefuir0829.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1788, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xinwujiang.cn"; dns.query; content:"dns.xinwujiang.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1789, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yyjeqhc.cn"; dns.query; content:"dns.yyjeqhc.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1790, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zcscdn.cn"; dns.query; content:"dns.zcscdn.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1791, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zyzh20021020.cn"; dns.query; content:"dns.zyzh20021020.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1792, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.embraced.co"; dns.query; content:"nas.embraced.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1793, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mapor.co"; dns.query; content:"adguard.mapor.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1794, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blokuj.ujwie.co"; dns.query; content:"blokuj.ujwie.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1795, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nitter.ujwie.co"; dns.query; content:"nitter.ujwie.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27991796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1796, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.1xtrm.com"; dns.query; content:"dns.1xtrm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1797, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.1xtrm.com"; dns.query; content:"vpn.1xtrm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1798, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.2kil.com"; dns.query; content:"doh.2kil.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1799, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2poi.com"; dns.query; content:"dns.2poi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1800, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.58jdl.com"; dns.query; content:"dns.58jdl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1801, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ayman-dns.731my.com"; dns.query; content:"ayman-dns.731my.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1802, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 89dahia.com"; dns.query; content:"89dahia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1803, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for one.dotted.9l3.com"; dns.query; content:"one.dotted.9l3.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1804, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaronplayzgaming.com"; dns.query; content:"dns.aaronplayzgaming.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1805, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abluehope.com"; dns.query; content:"abluehope.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1806, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.abluehope.com"; dns.query; content:"dns.abluehope.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1807, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vn.dns.abpvn.com"; dns.query; content:"vn.dns.abpvn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1808, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgremoteau.com"; dns.query; content:"adgremoteau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1809, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aghdns.com"; dns.query; content:"aghdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1810, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ahcek.com"; dns.query; content:"ahcek.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1811, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ahmgam.com"; dns.query; content:"dns.ahmgam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1812, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.airyobi.com"; dns.query; content:"ns.airyobi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1813, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for albertocognetti.com"; dns.query; content:"albertocognetti.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1814, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.almanasports.com"; dns.query; content:"adguard.almanasports.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1815, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usa1.altcensored.com"; dns.query; content:"usa1.altcensored.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1816, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oradns.anbitech.com"; dns.query; content:"oradns.anbitech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1817, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.andreykiv.com"; dns.query; content:"dns.andreykiv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1818, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xkariak.asuscomm.com"; dns.query; content:"xkariak.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1819, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.asysec.com"; dns.query; content:"dns.asysec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1820, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.avastdns.com"; dns.query; content:"europe.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1821, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe-west.avastdns.com"; dns.query; content:"europe-west.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1822, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for axistechsupport.com"; dns.query; content:"axistechsupport.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1823, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ayarzagoitia.com"; dns.query; content:"dns.ayarzagoitia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1824, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vdsn-nl-2.azatmutq.com"; dns.query; content:"vdsn-nl-2.azatmutq.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1825, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vdsn-nl-2.azatmutq.com"; dns.query; content:"www.vdsn-nl-2.azatmutq.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1826, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cattery2.eastasia.cloudapp.azure.com"; dns.query; content:"cattery2.eastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1827, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nc6d6ofnfu9puwnc.eastasia.cloudapp.azure.com"; dns.query; content:"nc6d6ofnfu9puwnc.eastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1828, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sradg.eastus.cloudapp.azure.com"; dns.query; content:"sradg.eastus.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1829, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sradg2.eastus.cloudapp.azure.com"; dns.query; content:"sradg2.eastus.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1830, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kawpad.southeastasia.cloudapp.azure.com"; dns.query; content:"kawpad.southeastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1831, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-resolver-01.swedencentral.cloudapp.azure.com"; dns.query; content:"dns-resolver-01.swedencentral.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1832, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ublock-dns-resolver-01.swedencentral.cloudapp.azure.com"; dns.query; content:"ublock-dns-resolver-01.swedencentral.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1833, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-be-azure.westeurope.cloudapp.azure.com"; dns.query; content:"adguard-be-azure.westeurope.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1834, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ublock-dns-resolver-02.westeurope.cloudapp.azure.com"; dns.query; content:"ublock-dns-resolver-02.westeurope.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1835, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bahien.com"; dns.query; content:"dns.bahien.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1836, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bai0012.com"; dns.query; content:"dns.bai0012.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1837, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscdn.bai0012.com"; dns.query; content:"dnscdn.bai0012.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1838, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-dns2.bancuh.com"; dns.query; content:"fr-dns2.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1839, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-dns2.bancuh.com"; dns.query; content:"sg-dns2.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1840, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for barsipgpt.com"; dns.query; content:"barsipgpt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1841, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for domburg.beruys.com"; dns.query; content:"domburg.beruys.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1842, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.blogcuahieu.com"; dns.query; content:"adh.blogcuahieu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1843, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bluestarnc.com"; dns.query; content:"dns.bluestarnc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1844, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bobstrecansky.com"; dns.query; content:"bobstrecansky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1845, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.broaddy.com"; dns.query; content:"agh.broaddy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1846, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.agh.broaddy.com"; dns.query; content:"www.agh.broaddy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1847, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2.bsh4.com"; dns.query; content:"dns.2.bsh4.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1848, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unifi.carioka.com"; dns.query; content:"unifi.carioka.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1849, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cedoman.com"; dns.query; content:"adguard.cedoman.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1850, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chalkychalk.com"; dns.query; content:"dns.chalkychalk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1851, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.chaudharyarnav.com"; dns.query; content:"adguard.chaudharyarnav.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1852, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chillstice.com"; dns.query; content:"dns.chillstice.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1853, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adhome.chinghuat.com"; dns.query; content:"adhome.chinghuat.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1854, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chenrouter.chironys.com"; dns.query; content:"chenrouter.chironys.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1855, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.citrahost.com"; dns.query; content:"dns.citrahost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1856, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cloud-sekeng.com"; dns.query; content:"doh.cloud-sekeng.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1857, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ys.cloud-sekeng.com"; dns.query; content:"ys.cloud-sekeng.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1858, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ada.ns.cloudflare.com"; dns.query; content:"ada.ns.cloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1859, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudseriousshit.com"; dns.query; content:"dns.cloudseriousshit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1860, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cnbeining.com"; dns.query; content:"adguard.cnbeining.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1861, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.corestu.com"; dns.query; content:"dns.corestu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1862, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nrusimha.crabdance.com"; dns.query; content:"nrusimha.crabdance.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1863, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cryptroute.com"; dns.query; content:"cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1864, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-guard1.cryptroute.com"; dns.query; content:"dns-guard1.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1865, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-guard2.cryptroute.com"; dns.query; content:"dns-guard2.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1866, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.damir-lukina.com"; dns.query; content:"adguard.damir-lukina.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1867, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 6301s.dangkiem.com"; dns.query; content:"6301s.dangkiem.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1868, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.dchoe.com"; dns.query; content:"agh.dchoe.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1869, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for notebait.ddnsfree.com"; dns.query; content:"notebait.ddnsfree.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1870, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.ddnsgeek.com"; dns.query; content:"noads.ddnsgeek.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1871, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dedidl.com"; dns.query; content:"dedidl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1872, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dientutronghuong.com"; dns.query; content:"adguard.dientutronghuong.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1873, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dionperera.com"; dns.query; content:"dns.dionperera.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1874, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for disbish.com"; dns.query; content:"disbish.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1875, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mia.dns4sec.com"; dns.query; content:"mia.dns4sec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1876, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-atl.dnsflex.com"; dns.query; content:"doh-lb-atl.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1877, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-br.dnsflex.com"; dns.query; content:"doh-lb-br.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1878, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-ca-tor.dnsflex.com"; dns.query; content:"doh-lb-ca-tor.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1879, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-de.dnsflex.com"; dns.query; content:"doh-lb-de.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1880, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-gb.dnsflex.com"; dns.query; content:"doh-lb-gb.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1881, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-in.dnsflex.com"; dns.query; content:"doh-lb-in.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1882, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-sg.dnsflex.com"; dns.query; content:"doh-lb-sg.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1883, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doubleangels.com"; dns.query; content:"dns.doubleangels.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1884, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglaster.com"; dns.query; content:"douglaster.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1885, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.drnarrow.com"; dns.query; content:"dns.drnarrow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1886, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dvgarm.com"; dns.query; content:"dvgarm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1887, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roucious.dyndns-remote.com"; dns.query; content:"roucious.dyndns-remote.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1888, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rafi.dynns.com"; dns.query; content:"rafi.dynns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1889, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oostelbos.dynu.com"; dns.query; content:"oostelbos.dynu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1890, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for saomai.dynu.com"; dns.query; content:"saomai.dynu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1891, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.echoif.com"; dns.query; content:"dns.echoif.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1892, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edc-pws.com"; dns.query; content:"dns.edc-pws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1893, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssec.dns.enginyring.com"; dns.query; content:"dnssec.dns.enginyring.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1894, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.enginyring.com"; dns.query; content:"dns01.enginyring.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1895, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns02.enginyring.com"; dns.query; content:"dns02.enginyring.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1896, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.enzonix.com"; dns.query; content:"dns2.enzonix.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1897, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.eoghan-net.com"; dns.query; content:"adguard.eoghan-net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1898, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard3.eoghan-net.com"; dns.query; content:"adguard3.eoghan-net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1899, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.ero-sayhi.com"; dns.query; content:"agh.ero-sayhi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1900, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.esegece.com"; dns.query; content:"dns.esegece.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1901, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-family.esegece.com"; dns.query; content:"dns-family.esegece.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1902, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for essentiallyjay.com"; dns.query; content:"essentiallyjay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1903, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fabianscheifele.com"; dns.query; content:"dns.fabianscheifele.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1904, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gsat.familyds.com"; dns.query; content:"gsat.familyds.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1905, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filipinoray.com"; dns.query; content:"filipinoray.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1906, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.frank-ruan.com"; dns.query; content:"resolver.frank-ruan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1907, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for calm-crown.freemyip.com"; dns.query; content:"calm-crown.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1908, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mkvvpssrv12.freemyip.com"; dns.query; content:"mkvvpssrv12.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1909, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srgaghome.freemyip.com"; dns.query; content:"srgaghome.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1910, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.srgaghome.freemyip.com"; dns.query; content:"www.srgaghome.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1911, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wg-aghome.freemyip.com"; dns.query; content:"wg-aghome.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1912, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.wg-aghome.freemyip.com"; dns.query; content:"www.wg-aghome.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1913, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fuangkhon.com"; dns.query; content:"fuangkhon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1914, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.fuangkhon.com"; dns.query; content:"www.fuangkhon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1915, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.gametechnet.com"; dns.query; content:"d.gametechnet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1916, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gattow.com"; dns.query; content:"adguard.gattow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1917, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.georgev22.com"; dns.query; content:"adguard.georgev22.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1918, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lamdtl.giize.com"; dns.query; content:"lamdtl.giize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1919, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goldstarbag.com"; dns.query; content:"goldstarbag.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1920, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.goldstarbag.com"; dns.query; content:"www.goldstarbag.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1921, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dev.gonnadive.com"; dns.query; content:"dev.gonnadive.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1922, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gonzcid.com"; dns.query; content:"adguard.gonzcid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1923, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.gordmo.com"; dns.query; content:"dot.gordmo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1924, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi-dns.gordon81.com"; dns.query; content:"pi-dns.gordon81.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1925, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gosuntrip.com"; dns.query; content:"gosuntrip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1926, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.grantbruneau.com"; dns.query; content:"adguard.grantbruneau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1927, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hostedadguard.greatharts.com"; dns.query; content:"hostedadguard.greatharts.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1928, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.green1052.com"; dns.query; content:"adguard.green1052.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1929, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure-dns.gridlax.com"; dns.query; content:"secure-dns.gridlax.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1930, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.grussenmeyer.com"; dns.query; content:"vps.grussenmeyer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1931, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guanmengkai.com"; dns.query; content:"guanmengkai.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1932, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ma1.guardmydns.com"; dns.query; content:"ma1.guardmydns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1933, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homedns.gumeniuk.com"; dns.query; content:"homedns.gumeniuk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1934, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gusald.com"; dns.query; content:"gusald.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1935, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.gusald.com"; dns.query; content:"ad.gusald.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1936, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg-swe.h4nt3r.com"; dns.query; content:"adg-swe.h4nt3r.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1937, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg-vie.h4nt3r.com"; dns.query; content:"adg-vie.h4nt3r.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1938, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.h4nt3r.com"; dns.query; content:"adguard.h4nt3r.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1939, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.haringstad.com"; dns.query; content:"resolver.haringstad.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1940, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for office.heimtec.com"; dns.query; content:"office.heimtec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1941, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for heoyun.com"; dns.query; content:"heoyun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1942, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hi-ih.com"; dns.query; content:"hi-ih.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1943, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hnsfwlkj.com"; dns.query; content:"dns.hnsfwlkj.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1944, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hopsken.com"; dns.query; content:"dns.hopsken.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1945, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for horus-team.com"; dns.query; content:"horus-team.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1946, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.horus-team.com"; dns.query; content:"dns.horus-team.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1947, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hoservers.com"; dns.query; content:"dns.hoservers.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1948, updated_at 2025_03_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hostingim.com"; dns.query; content:"dns.hostingim.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1949, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for huyizhou.com"; dns.query; content:"huyizhou.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1950, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huyizhou.com"; dns.query; content:"dns.huyizhou.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1951, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hyas.com"; dns.query; content:"dns.hyas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1952, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.iamshakib.com"; dns.query; content:"pdns.iamshakib.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1953, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.idsam.com"; dns.query; content:"dns2.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1954, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns22.idsam.com"; dns.query; content:"dns22.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1955, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s.idsam.com"; dns.query; content:"s.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1956, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for erroring.ignorelist.com"; dns.query; content:"erroring.ignorelist.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1957, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ilinhy.com"; dns.query; content:"ilinhy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1958, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.incaseineeditoneday.com"; dns.query; content:"www.incaseineeditoneday.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1959, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for protectic.infotechlibrary.com"; dns.query; content:"protectic.infotechlibrary.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1960, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.irumatech.com"; dns.query; content:"dns.irumatech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1961, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for it-works4u.com"; dns.query; content:"it-works4u.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1962, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.it-works4u.com"; dns.query; content:"www.it-works4u.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1963, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itcosc.com"; dns.query; content:"dns.itcosc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1964, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itwht.com"; dns.query; content:"dns.itwht.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1965, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jamessliu.com"; dns.query; content:"dns.jamessliu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1966, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.janebooom.com"; dns.query; content:"hk.janebooom.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1967, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jfpii.com"; dns.query; content:"adguard.jfpii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1968, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jimwelanobong.com"; dns.query; content:"dns.jimwelanobong.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1969, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jnprd.com"; dns.query; content:"jnprd.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1970, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jnprd.com"; dns.query; content:"dns.jnprd.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1971, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.jobytan.com"; dns.query; content:"home.jobytan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1972, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.johnlez.com"; dns.query; content:"dns.johnlez.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1973, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.jpsrvr.com"; dns.query; content:"noads.jpsrvr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1974, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.juancamos.com"; dns.query; content:"dns.juancamos.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1975, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp01.just-a-web.com"; dns.query; content:"jp01.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1976, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgs02.just-a-web.com"; dns.query; content:"sgs02.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1977, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgs03.just-a-web.com"; dns.query; content:"sgs03.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1978, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaandikec.com"; dns.query; content:"kaandikec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1979, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kaandikec.com"; dns.query; content:"dns.kaandikec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1980, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kc2wbx.com"; dns.query; content:"dns.kc2wbx.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1981, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kejinno.com"; dns.query; content:"dns.kejinno.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1982, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kellerbier-home.com"; dns.query; content:"kellerbier-home.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1983, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keskinnetwork.com"; dns.query; content:"dns.keskinnetwork.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1984, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keskonet.com"; dns.query; content:"dns.keskonet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1985, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for khsan.com"; dns.query; content:"khsan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1986, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.khsan.com"; dns.query; content:"www.khsan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1987, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.kinopu.com"; dns.query; content:"home.kinopu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1988, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for elisabeth.klarsgarden.com"; dns.query; content:"elisabeth.klarsgarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1989, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kongjak.com"; dns.query; content:"dns.kongjak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1990, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asdfasdfasf.kozow.com"; dns.query; content:"asdfasdfasf.kozow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1991, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkt.kozow.com"; dns.query; content:"hkt.kozow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1992, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.krushkov.com"; dns.query; content:"dns.krushkov.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1993, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kstdownload.com"; dns.query; content:"kstdownload.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1994, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kujoe.com"; dns.query; content:"adguard.kujoe.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1995, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mx1.laoxiao789.com"; dns.query; content:"mx1.laoxiao789.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1996, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for statistics.larryvpn.com"; dns.query; content:"statistics.larryvpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1997, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.laurenlaufman.com"; dns.query; content:"adguard.laurenlaufman.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1998, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lavir.com"; dns.query; content:"dns.lavir.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1999, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leecurrylawfirm.com"; dns.query; content:"leecurrylawfirm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2000, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br2.lezainski.com"; dns.query; content:"br2.lezainski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2001, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.lezainski.com"; dns.query; content:"dns2.lezainski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2002, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nd.lgprk.com"; dns.query; content:"nd.lgprk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2003, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lildinosaur.com"; dns.query; content:"dns.lildinosaur.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2004, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lithvik.com"; dns.query; content:"dns.lithvik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2005, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for longhomelab.com"; dns.query; content:"longhomelab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2006, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deweerd.loseyourip.com"; dns.query; content:"deweerd.loseyourip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2007, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd.loukky.com"; dns.query; content:"ddd.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2008, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd2.loukky.com"; dns.query; content:"ddd2.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2009, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lpdgx.com"; dns.query; content:"dns.lpdgx.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2010, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.luismm2311.com"; dns.query; content:"dns.luismm2311.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2011, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for orjp4.lz0724.com"; dns.query; content:"orjp4.lz0724.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2012, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghome.mail-endpoint.com"; dns.query; content:"adghome.mail-endpoint.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2013, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghome2.mail-endpoint.com"; dns.query; content:"adghome2.mail-endpoint.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2014, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.malhuda.com"; dns.query; content:"dns.malhuda.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2015, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.mangosysdns.com"; dns.query; content:"hk.mangosysdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2016, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.matthias-prost.com"; dns.query; content:"dns.matthias-prost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2017, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.mattmanzi.com"; dns.query; content:"dns1.mattmanzi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2018, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mcttechs.com"; dns.query; content:"mcttechs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2019, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.me7878.com"; dns.query; content:"dns.me7878.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2020, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-frankfurt.mii-xms.com"; dns.query; content:"dns-frankfurt.mii-xms.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2021, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-singapore.mii-xms.com"; dns.query; content:"dns-singapore.mii-xms.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2022, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mikewaddick.com"; dns.query; content:"mikewaddick.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2023, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.milangeorge.com"; dns.query; content:"dns.milangeorge.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2024, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.miyun1.com"; dns.query; content:"dns.miyun1.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2025, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mo0on15.com"; dns.query; content:"mo0on15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2026, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for query.mobyds.com"; dns.query; content:"query.mobyds.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2027, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home47a.mooo.com"; dns.query; content:"home47a.mooo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2028, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.motazhakim.com"; dns.query; content:"dns.motazhakim.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2029, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for as6604t-04.myasustor.com"; dns.query; content:"as6604t-04.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2030, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for che.myasustor.com"; dns.query; content:"che.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2031, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for justfor.myasustor.com"; dns.query; content:"justfor.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2032, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas-scheiben34.myasustor.com"; dns.query; content:"nas-scheiben34.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2033, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zanty123456.myasustor.com"; dns.query; content:"zanty123456.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2034, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for walker.mynetgear.com"; dns.query; content:"walker.mynetgear.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2035, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for egshe.myqnapcloud.com"; dns.query; content:"egshe.myqnapcloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2036, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for newlibrarian.myqnapcloud.com"; dns.query; content:"newlibrarian.myqnapcloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2037, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.niko-sem.com"; dns.query; content:"adguard.niko-sem.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2038, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnx.niko-sem.com"; dns.query; content:"dnx.niko-sem.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2039, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nfnvr.noiselink.com"; dns.query; content:"nfnvr.noiselink.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2040, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x.ns1net.com"; dns.query; content:"x.ns1net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2041, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsown.com"; dns.query; content:"nsown.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2042, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nullrecon.com"; dns.query; content:"dns.nullrecon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2043, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ha.o51r15.com"; dns.query; content:"ha.o51r15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2044, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.odysseusnetwork.com"; dns.query; content:"adguard.odysseusnetwork.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2045, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hknat.ooguy.com"; dns.query; content:"hknat.ooguy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2046, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ortudns.com"; dns.query; content:"ortudns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2047, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oryxlabs.com"; dns.query; content:"dns.oryxlabs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2048, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.osmenoga.com"; dns.query; content:"dns.osmenoga.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2049, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wireguard.osmenoga.com"; dns.query; content:"wireguard.osmenoga.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2050, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jksrbgldkghjnfyyjn.ounij.com"; dns.query; content:"jksrbgldkghjnfyyjn.ounij.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2051, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.p55k.com"; dns.query; content:"dns.p55k.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2052, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pacificmonster.com"; dns.query; content:"dns.pacificmonster.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2053, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.paxavemedia.com"; dns.query; content:"dns.paxavemedia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2054, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.periactes.com"; dns.query; content:"dns.periactes.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2055, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns0.permafrostmiami.com"; dns.query; content:"dns0.permafrostmiami.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2056, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pgnhatrang.com"; dns.query; content:"dns.pgnhatrang.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2057, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for philqoo.com"; dns.query; content:"philqoo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2058, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.philqoo.com"; dns.query; content:"dns.philqoo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2059, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pieterdherde.com"; dns.query; content:"dns.pieterdherde.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2060, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gaia.plonknet.com"; dns.query; content:"gaia.plonknet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2061, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uranus.plonknet.com"; dns.query; content:"uranus.plonknet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2062, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muppy.pnamae.com"; dns.query; content:"muppy.pnamae.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2063, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.porteii.com"; dns.query; content:"dns2.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2064, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.prima-solusindo.com"; dns.query; content:"dns2.prima-solusindo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2065, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privatebard.com"; dns.query; content:"privatebard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2066, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sanyulim.publicvm.com"; dns.query; content:"sanyulim.publicvm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2067, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ramansarda.com"; dns.query; content:"dns.ramansarda.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2068, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rjaldorau.com"; dns.query; content:"rjaldorau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2069, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for saya.rnrkurir.com"; dns.query; content:"saya.rnrkurir.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2070, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rogpurs.com"; dns.query; content:"dns.rogpurs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2071, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pns2.sadraidc.com"; dns.query; content:"pns2.sadraidc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2072, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.saneaki.com"; dns.query; content:"dns.saneaki.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2073, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for scottdylewski.com"; dns.query; content:"scottdylewski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2074, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skyroom.online.bugflaed2.shahram-m8.com"; dns.query; content:"skyroom.online.bugflaed2.shahram-m8.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2075, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skyroom.online.cdn41.shahram-m8.com"; dns.query; content:"skyroom.online.cdn41.shahram-m8.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2076, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skyroom.online.cdn40.shahrammedia.com"; dns.query; content:"skyroom.online.cdn40.shahrammedia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2077, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd.somimobile.com"; dns.query; content:"syd.somimobile.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2078, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.srv00.com"; dns.query; content:"doh.srv00.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2079, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk2.ss.startagegames.com"; dns.query; content:"hk2.ss.startagegames.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2080, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.stealbit.com"; dns.query; content:"adguard.stealbit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2081, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.streamsmoke.com"; dns.query; content:"dns.streamsmoke.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2082, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.stroialliance.com"; dns.query; content:"vpn.stroialliance.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2083, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vpn.stroialliance.com"; dns.query; content:"www.vpn.stroialliance.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2084, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for la-doh.stuptech.com"; dns.query; content:"la-doh.stuptech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2085, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pure.sunnygyl.com"; dns.query; content:"pure.sunnygyl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2086, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surfbelow.com"; dns.query; content:"surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2087, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.surfbelow.com"; dns.query; content:"www.surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2088, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surobe.com"; dns.query; content:"dns.surobe.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2089, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.techcrackr.com"; dns.query; content:"dns.techcrackr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2090, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.teknoholistik.com"; dns.query; content:"family.dns.teknoholistik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2091, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsrionegro.telnet-isp.com"; dns.query; content:"dnsrionegro.telnet-isp.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2092, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.timothy-dev.com"; dns.query; content:"dns1.timothy-dev.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2093, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chronicle14.tplinkdns.com"; dns.query; content:"chronicle14.tplinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2094, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ebpmc.tplinkdns.com"; dns.query; content:"ebpmc.tplinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2095, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tuankhaiit.com"; dns.query; content:"dns.tuankhaiit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2096, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cn.turngreatwall.com"; dns.query; content:"cn.turngreatwall.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2097, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.varga-da.com"; dns.query; content:"dns.varga-da.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2098, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vozersky.com"; dns.query; content:"adguard.vozersky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2099, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vpnkitakitsune.com"; dns.query; content:"adguard.vpnkitakitsune.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2100, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 45.32.17.58.vultrusercontent.com"; dns.query; content:"45.32.17.58.vultrusercontent.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2101, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wellstsai.com"; dns.query; content:"dns.wellstsai.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2102, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for whatcaniplay.com"; dns.query; content:"whatcaniplay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2103, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.willhotard.com"; dns.query; content:"adguard.willhotard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2104, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wincservices.com"; dns.query; content:"dns.wincservices.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2105, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.wistarip.com"; dns.query; content:"dns3.wistarip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2106, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.wuyouss.com"; dns.query; content:"ns1.wuyouss.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2107, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usatwo.wuyouss.com"; dns.query; content:"usatwo.wuyouss.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2108, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hostdare.xinyi0668.com"; dns.query; content:"hostdare.xinyi0668.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2109, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xomadns.com"; dns.query; content:"xomadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2110, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1.xylto.com"; dns.query; content:"v1.xylto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2111, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh-hetzner.yasirafique.com"; dns.query; content:"agh-hetzner.yasirafique.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2112, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.youler.com"; dns.query; content:"adguard.youler.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2113, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yyaan.com"; dns.query; content:"dns.yyaan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2114, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zalizman.com"; dns.query; content:"zalizman.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2115, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zeinima.com"; dns.query; content:"dns.zeinima.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2116, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res.zijji.com"; dns.query; content:"res.zijji.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2117, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xyz2.zmjflow.com"; dns.query; content:"xyz2.zmjflow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2118, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unitech.company"; dns.query; content:"dns.unitech.company"; nocase; fast_pattern; classtype:bad-unknown; sid:27992119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2119, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.luan.contact"; dns.query; content:"dns1.luan.contact"; nocase; fast_pattern; classtype:bad-unknown; sid:27992120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2120, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noad.kipp.cool"; dns.query; content:"noad.kipp.cool"; nocase; fast_pattern; classtype:bad-unknown; sid:27992121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2121, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.avc.cx"; dns.query; content:"vps.avc.cx"; nocase; fast_pattern; classtype:bad-unknown; sid:27992122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2122, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hetz.sapient.cyou"; dns.query; content:"hetz.sapient.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27992123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2123, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv5.jiripocta.cz"; dns.query; content:"srv5.jiripocta.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2124, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.marteskutil.cz"; dns.query; content:"vps.marteskutil.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2125, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rabmoor.cz"; dns.query; content:"adguard.rabmoor.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2126, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.luwei.date"; dns.query; content:"d.luwei.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27992127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2127, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.novali.date"; dns.query; content:"us.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27992128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2128, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.qooqle.date"; dns.query; content:"dot.qooqle.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27992129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2129, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.19kom.de"; dns.query; content:"guard.19kom.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2130, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2t9.de"; dns.query; content:"dns.2t9.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2131, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghs.de"; dns.query; content:"adghs.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2132, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-home.de"; dns.query; content:"adguard-home.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2133, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.alematho.de"; dns.query; content:"agh.alematho.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2134, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aykanbacaksoy.de"; dns.query; content:"dns.aykanbacaksoy.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2135, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.betamax65.de"; dns.query; content:"adguard.betamax65.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2136, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.bonis.de"; dns.query; content:"adguard1.bonis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2137, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.bonis.de"; dns.query; content:"adguard2.bonis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2138, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.c0ntroller.de"; dns.query; content:"dns.c0ntroller.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2139, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudsrv.charitosnet.de"; dns.query; content:"cloudsrv.charitosnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2140, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for circumitor.de"; dns.query; content:"circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2141, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c-asm.circumitor.de"; dns.query; content:"c-asm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2142, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c-rm.circumitor.de"; dns.query; content:"c-rm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2143, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fritz-er.circumitor.de"; dns.query; content:"fritz-er.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2144, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fritz-hbh.circumitor.de"; dns.query; content:"fritz-hbh.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2145, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for m-asm.circumitor.de"; dns.query; content:"m-asm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2146, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for m-cm.circumitor.de"; dns.query; content:"m-cm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2147, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for m-rm.circumitor.de"; dns.query; content:"m-rm.circumitor.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2148, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cnova.de"; dns.query; content:"adguard.cnova.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2149, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.codarbyte.de"; dns.query; content:"dns.codarbyte.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2150, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.code66.de"; dns.query; content:"dns.code66.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2151, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hub.com.de"; dns.query; content:"dns.hub.com.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2152, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.crestfallen.de"; dns.query; content:"adguard.crestfallen.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2153, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.dns-ga.de"; dns.query; content:"dot.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2154, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure-dns.dns-ga.de"; dns.query; content:"secure-dns.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2155, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-koe.dns64.de"; dns.query; content:"adguard-koe.dns64.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2156, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dnsforge.de"; dns.query; content:"www.dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2157, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bahopir188.dnshome.de"; dns.query; content:"bahopir188.dnshome.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2158, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsmurray.de"; dns.query; content:"dnsmurray.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2159, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dr-adguard.de"; dns.query; content:"dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2160, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.dr-adguard.de"; dns.query; content:"server01.dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2161, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for duii.de"; dns.query; content:"duii.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2162, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atlantic.dyn1.de"; dns.query; content:"atlantic.dyn1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2163, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eccloud.de"; dns.query; content:"eccloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2164, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.eccloud.de"; dns.query; content:"www.eccloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2165, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.internal.espresso-tasse.de"; dns.query; content:"dns.internal.espresso-tasse.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2166, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for handy-matthias.dns.internal.espresso-tasse.de"; dns.query; content:"handy-matthias.dns.internal.espresso-tasse.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2167, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for handy-nils.dns.internal.espresso-tasse.de"; dns.query; content:"handy-nils.dns.internal.espresso-tasse.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2168, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tablet-matthias.dns.internal.espresso-tasse.de"; dns.query; content:"tablet-matthias.dns.internal.espresso-tasse.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2169, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eumera.de"; dns.query; content:"dns.eumera.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2170, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.exonip.de"; dns.query; content:"dns.exonip.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2171, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve.fknw.de"; dns.query; content:"resolve.fknw.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2172, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.frece.de"; dns.query; content:"adguard2.frece.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2173, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eime.goip.de"; dns.query; content:"eime.goip.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2174, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.golegana.de"; dns.query; content:"www.golegana.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2175, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for grunwald-marc.de"; dns.query; content:"grunwald-marc.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2176, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.homepeter.de"; dns.query; content:"adguard01.homepeter.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2177, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.jabber-germany.de"; dns.query; content:"www.jabber-germany.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2178, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jabber-server.de"; dns.query; content:"jabber-server.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2179, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jnkl.de"; dns.query; content:"adguard.jnkl.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2180, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kngnet.de"; dns.query; content:"adguard.kngnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2181, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for knight1.de"; dns.query; content:"knight1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2182, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.kul-lippek.de"; dns.query; content:"agh.kul-lippek.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2183, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.loony-tech.de"; dns.query; content:"dns.loony-tech.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2184, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.masters-of-cloud.de"; dns.query; content:"www.masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2185, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rasp.matthias-iwer.de"; dns.query; content:"rasp.matthias-iwer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2186, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mcasviper.de"; dns.query; content:"doh.mcasviper.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2187, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mijoregner.de"; dns.query; content:"mijoregner.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2188, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bw.mijoregner.de"; dns.query; content:"bw.mijoregner.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2189, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mijoregner.de"; dns.query; content:"dns.mijoregner.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2190, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.mijoregner.de"; dns.query; content:"kids.mijoregner.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2191, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mikatos.de"; dns.query; content:"mikatos.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2192, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.muellerstech.de"; dns.query; content:"dns.muellerstech.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2193, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myrusvpn.de"; dns.query; content:"myrusvpn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2194, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mysvc.de"; dns.query; content:"dns.mysvc.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2195, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.pl.newpangea.de"; dns.query; content:"dns1.pl.newpangea.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2196, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nhgnet.de"; dns.query; content:"dns1.nhgnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2197, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nhgnet.de"; dns.query; content:"dns2.nhgnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2198, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.odirf.de"; dns.query; content:"dns.odirf.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2199, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.peb-schmidt.de"; dns.query; content:"dns.peb-schmidt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2200, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.pidns.de"; dns.query; content:"adg.pidns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2201, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pine-home.de"; dns.query; content:"dns.pine-home.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2202, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ppfeufer.de"; dns.query; content:"adguard.ppfeufer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2203, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for psociety.de"; dns.query; content:"psociety.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2204, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pushedv.de"; dns.query; content:"adguard.pushedv.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2205, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sascha-rabold.de"; dns.query; content:"sascha-rabold.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2206, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.schmidt-zoarn.de"; dns.query; content:"dns.schmidt-zoarn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2207, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for plex.skin57.de"; dns.query; content:"plex.skin57.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2208, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.solutionsbest.de"; dns.query; content:"ns.solutionsbest.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2209, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wifrousl.spdns.de"; dns.query; content:"wifrousl.spdns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2210, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve.srv-pro.de"; dns.query; content:"resolve.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2211, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve02.srv-pro.de"; dns.query; content:"resolve02.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2212, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve2.srv-pro.de"; dns.query; content:"resolve2.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2213, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.telesterion.de"; dns.query; content:"guard.telesterion.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2214, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vsrv15195.customer.xenway.de"; dns.query; content:"vsrv15195.customer.xenway.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2215, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ygonline.de"; dns.query; content:"dns.ygonline.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2216, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ys4.de"; dns.query; content:"ys4.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2217, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.zitronen-server.de"; dns.query; content:"adguard01.zitronen-server.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2218, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for net.0ms.dev"; dns.query; content:"net.0ms.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2219, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eka.dilli.dev"; dns.query; content:"eka.dilli.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2220, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doda.dev"; dns.query; content:"dns.doda.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2221, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fydne.dev"; dns.query; content:"dns.fydne.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2222, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.herry.dev"; dns.query; content:"adg.herry.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2223, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for local-dns.hotay.dev"; dns.query; content:"local-dns.hotay.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2224, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.isrky.dev"; dns.query; content:"adguard.isrky.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2225, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kpsn.dev"; dns.query; content:"dns.kpsn.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2226, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lucwestbomke.dev"; dns.query; content:"lucwestbomke.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2227, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lucwestbomke.dev"; dns.query; content:"dns.lucwestbomke.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2228, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.lucwestbomke.dev"; dns.query; content:"www.lucwestbomke.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2229, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mokocup.dev"; dns.query; content:"adguard.mokocup.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2230, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t1.onlyfan.dev"; dns.query; content:"t1.onlyfan.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2231, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for quantumpulse.dev"; dns.query; content:"quantumpulse.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2232, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quantumpulse.dev"; dns.query; content:"dns.quantumpulse.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2233, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sark.dev"; dns.query; content:"dns.sark.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2234, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.satadru.dev"; dns.query; content:"vpn.satadru.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2235, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for singy.smartq.dev"; dns.query; content:"singy.smartq.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2236, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.struchkov.dev"; dns.query; content:"dns.struchkov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2237, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.theil.dev"; dns.query; content:"adguard.theil.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2238, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darkhole.uint64.dev"; dns.query; content:"darkhole.uint64.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2239, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.woodyli.dev"; dns.query; content:"dns.woodyli.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2240, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xivilay.dev"; dns.query; content:"dns.xivilay.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2241, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yu.dev"; dns.query; content:"dns.yu.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2242, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zabolotskikh.dev"; dns.query; content:"zabolotskikh.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2243, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zion.dev"; dns.query; content:"dns.zion.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2244, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast2.servers.censurfridns.dk"; dns.query; content:"unicast2.servers.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2245, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nielsenhost.dk"; dns.query; content:"adguard.nielsenhost.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2246, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.rasmusminde.dk"; dns.query; content:"doh.rasmusminde.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2247, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.uncensoreddns.dk"; dns.query; content:"anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2248, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.uncensoreddns.dk"; dns.query; content:"deic-lgb.anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2249, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.uncensoreddns.dk"; dns.query; content:"kracon.anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2250, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.uncensoreddns.dk"; dns.query; content:"rgnet-iad.anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2251, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.uncensoreddns.dk"; dns.query; content:"unicast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2252, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beacon.dog"; dns.query; content:"beacon.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27992253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2253, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for btb.dog"; dns.query; content:"btb.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27992254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2254, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.solutics.ec"; dns.query; content:"ns.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2255, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.l6.ee"; dns.query; content:"dns.l6.ee"; nocase; fast_pattern; classtype:bad-unknown; sid:27992256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2256, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tick.ee"; dns.query; content:"dns.tick.ee"; nocase; fast_pattern; classtype:bad-unknown; sid:27992257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2257, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.abgnetwork.es"; dns.query; content:"vps.abgnetwork.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2258, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.esnube.es"; dns.query; content:"dns.esnube.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2259, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for genscorp.es"; dns.query; content:"genscorp.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2260, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sacarino.es"; dns.query; content:"sacarino.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2261, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.titov.es"; dns.query; content:"adguard.titov.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2262, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.11i.eu"; dns.query; content:"1.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2263, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.11i.eu"; dns.query; content:"2.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2264, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3.11i.eu"; dns.query; content:"3.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2265, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alanpearce.eu"; dns.query; content:"dns.alanpearce.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2266, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.almir1904.eu"; dns.query; content:"dns01.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2267, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns02.almir1904.eu"; dns.query; content:"dns02.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2268, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns03.almir1904.eu"; dns.query; content:"dns03.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2269, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.almir1904.eu"; dns.query; content:"doh.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2270, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.almir1904.eu"; dns.query; content:"doh2.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2271, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh3.almir1904.eu"; dns.query; content:"doh3.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2272, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.basthorst.eu"; dns.query; content:"home.basthorst.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2273, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.danielnet.eu"; dns.query; content:"dns.danielnet.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2274, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xyz.ddnss.eu"; dns.query; content:"dns.xyz.ddnss.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2275, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.felixf.eu"; dns.query; content:"ag.felixf.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2276, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hgrps.eu"; dns.query; content:"hgrps.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2277, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.hgrps.eu"; dns.query; content:"www.hgrps.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2278, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.i6p.eu"; dns.query; content:"dns.i6p.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2279, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.leadseason.eu"; dns.query; content:"adguard.leadseason.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2280, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mfimail.eu"; dns.query; content:"mfimail.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2281, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.mfimail.eu"; dns.query; content:"www.mfimail.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2282, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mihalcea.eu"; dns.query; content:"dns.mihalcea.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2283, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydevpn.eu"; dns.query; content:"mydevpn.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2284, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.orencak.eu"; dns.query; content:"dns.orencak.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2285, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rhscz.eu"; dns.query; content:"dns.rhscz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2286, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.rhscz.eu"; dns.query; content:"dns1.rhscz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2287, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.rhscz.eu"; dns.query; content:"dns2.rhscz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2288, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sa-sa.eu"; dns.query; content:"doh.sa-sa.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2289, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doq.sa-sa.eu"; dns.query; content:"doq.sa-sa.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2290, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.safko.eu"; dns.query; content:"dns.safko.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2291, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for svg33.eu"; dns.query; content:"svg33.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2292, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.svg33.eu"; dns.query; content:"www.svg33.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2293, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.therman.eu"; dns.query; content:"ads.therman.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2294, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tooizi.eu"; dns.query; content:"dns.tooizi.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2295, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1.ufamax.eu"; dns.query; content:"v1.ufamax.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2296, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wallura.eu"; dns.query; content:"adguard.wallura.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2297, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adsfysdfgiuy.ydns.eu"; dns.query; content:"adsfysdfgiuy.ydns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2298, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.musikantit.fi"; dns.query; content:"dns.musikantit.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27992299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2299, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for barnabech.fr"; dns.query; content:"barnabech.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2300, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.barnabech.fr"; dns.query; content:"www.barnabech.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2301, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.briac-mlb.fr"; dns.query; content:"dns.briac-mlb.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2302, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fukuda.ccnt.fr"; dns.query; content:"fukuda.ccnt.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2303, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.ccnt.fr"; dns.query; content:"vpn.ccnt.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2304, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yuripe.ccnt.fr"; dns.query; content:"yuripe.ccnt.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2305, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.fr.couli.fr"; dns.query; content:"adguardhome.fr.couli.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2306, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jalexx.freeboxos.fr"; dns.query; content:"jalexx.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2307, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lilibox.freeboxos.fr"; dns.query; content:"lilibox.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2308, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcornet.freeboxos.fr"; dns.query; content:"pcornet.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2309, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fulgore.fr"; dns.query; content:"dns.fulgore.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2310, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.glbd.fr"; dns.query; content:"adguard.glbd.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2311, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jamessou.jamesferrand.fr"; dns.query; content:"jamessou.jamesferrand.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2312, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxjdf.jamesferrand.fr"; dns.query; content:"proxjdf.jamesferrand.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2313, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for le-mesle.fr"; dns.query; content:"le-mesle.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2314, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglas.mebrak.fr"; dns.query; content:"douglas.mebrak.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2315, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nexashield.fr"; dns.query; content:"nexashield.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2316, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.octoworld.fr"; dns.query; content:"dns.octoworld.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2317, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.patrick-antoine.fr"; dns.query; content:"nas.patrick-antoine.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2318, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bit.psyk.fr"; dns.query; content:"bit.psyk.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2319, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.psyk.fr"; dns.query; content:"dns.psyk.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2320, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qkc.fr"; dns.query; content:"dns.qkc.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2321, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.r01.fr"; dns.query; content:"home.r01.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2322, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.req1.fr"; dns.query; content:"dns.req1.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2323, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wg.req1.fr"; dns.query; content:"wg.req1.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2324, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.spyrisk.fr"; dns.query; content:"adguard.spyrisk.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2325, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.srv-home.fr"; dns.query; content:"dns2.srv-home.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2326, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.streamlas.fr"; dns.query; content:"adguard.streamlas.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2327, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.teaminfo.fr"; dns.query; content:"dns.teaminfo.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2328, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tondns.fr"; dns.query; content:"tondns.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2329, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.visbran.fr"; dns.query; content:"ad.visbran.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2330, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn0109.voodonline.fr"; dns.query; content:"vpn0109.voodonline.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2331, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vrehm.fr"; dns.query; content:"vrehm.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2332, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vrehm.fr"; dns.query; content:"adguard.vrehm.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2333, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lfbn-gre-1-319-7.w90-112.abo.wanadoo.fr"; dns.query; content:"lfbn-gre-1-319-7.w90-112.abo.wanadoo.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2334, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warrior.fr"; dns.query; content:"dns.warrior.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2335, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb-wan.xaoimoon.fr"; dns.query; content:"adb-wan.xaoimoon.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2336, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zarchbox.fr"; dns.query; content:"dns.zarchbox.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2337, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fun"; dns.query; content:"adguard.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2338, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dupatruwi22.fun"; dns.query; content:"dupatruwi22.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2339, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dupatruwi22.fun"; dns.query; content:"www.dupatruwi22.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2340, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ebrilo.fun"; dns.query; content:"ebrilo.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2341, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x.laoban.fun"; dns.query; content:"x.laoban.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2342, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adhome.maige.fun"; dns.query; content:"adhome.maige.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2343, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcgo.fun"; dns.query; content:"pcgo.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2344, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zky666.fun"; dns.query; content:"dns.zky666.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2345, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ams.core.access.zznet.fun"; dns.query; content:"ams.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2346, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra.core.access.zznet.fun"; dns.query; content:"fra.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2347, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg.core.access.zznet.fun"; dns.query; content:"hkg.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2348, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lax.core.access.zznet.fun"; dns.query; content:"lax.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2349, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nrt.core.access.zznet.fun"; dns.query; content:"nrt.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2350, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin.core.access.zznet.fun"; dns.query; content:"sin.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2351, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd.core.access.zznet.fun"; dns.query; content:"syd.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2352, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg2.edge.access.zznet.fun"; dns.query; content:"hkg2.edge.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2353, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin2.edge.access.zznet.fun"; dns.query; content:"sin2.edge.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2354, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for defendfrienddns.fyi"; dns.query; content:"defendfrienddns.fyi"; nocase; fast_pattern; classtype:bad-unknown; sid:27992355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2355, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.salzts.gay"; dns.query; content:"ads.salzts.gay"; nocase; fast_pattern; classtype:bad-unknown; sid:27992356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2356, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.zscale.gq"; dns.query; content:"d.zscale.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27992357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2357, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tolink.group"; dns.query; content:"dns.tolink.group"; nocase; fast_pattern; classtype:bad-unknown; sid:27992358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2358, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mickedi.isgood.host"; dns.query; content:"mickedi.isgood.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27992359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2359, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v971850.macloud.host"; dns.query; content:"v971850.macloud.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27992360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2360, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ivica-vulas.from.hr"; dns.query; content:"ivica-vulas.from.hr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2361, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for service.f170137e.icu"; dns.query; content:"service.f170137e.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2362, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-nnss.ppleg.icu"; dns.query; content:"hk-nnss.ppleg.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2363, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkcf-nnss.ppleg.icu"; dns.query; content:"hkcf-nnss.ppleg.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2364, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for js-nnss.ppleg.icu"; dns.query; content:"js-nnss.ppleg.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2365, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nnss.ppleg.icu"; dns.query; content:"nnss.ppleg.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2366, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pr-nnss.ppleg.icu"; dns.query; content:"pr-nnss.ppleg.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2367, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d3.shabi.icu"; dns.query; content:"d3.shabi.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2368, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-uk.su4ka.icu"; dns.query; content:"dns-uk.su4ka.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2369, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-uk2.su4ka.icu"; dns.query; content:"dns-uk2.su4ka.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2370, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sq.trin.icu"; dns.query; content:"sq.trin.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2371, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.unima.ac.id"; dns.query; content:"adguard1.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2372, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.unima.ac.id"; dns.query; content:"adguard2.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2373, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for open-resolver1.unima.ac.id"; dns.query; content:"open-resolver1.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2374, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-lb.unpak.ac.id"; dns.query; content:"dns-lb.unpak.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2375, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cell.co.id"; dns.query; content:"adguard.cell.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2376, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.coconut.id"; dns.query; content:"block.coconut.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2377, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ezyss.id"; dns.query; content:"dns.ezyss.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2378, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lpse.minahasa.go.id"; dns.query; content:"lpse.minahasa.go.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2379, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jakinet.id"; dns.query; content:"adguard.jakinet.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2380, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for app.kepegawaiandju.id"; dns.query; content:"app.kepegawaiandju.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2381, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kepegawaiandju.id"; dns.query; content:"dns.kepegawaiandju.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2382, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisidns.4ch.my.id"; dns.query; content:"polisidns.4ch.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2383, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.basestation.my.id"; dns.query; content:"dns.basestation.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2384, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for be2aja.my.id"; dns.query; content:"be2aja.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2385, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.be2aja.my.id"; dns.query; content:"adguard.be2aja.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2386, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unifi.be2aja.my.id"; dns.query; content:"unifi.be2aja.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2387, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dodhymikrotik.my.id"; dns.query; content:"dns.dodhymikrotik.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2388, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.freddys.my.id"; dns.query; content:"dns.freddys.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2389, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for math.netlab.my.id"; dns.query; content:"math.netlab.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2390, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.presencebuggy.my.id"; dns.query; content:"dns.presencebuggy.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2391, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ramsky.my.id"; dns.query; content:"dns.ramsky.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2392, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.repinger.my.id"; dns.query; content:"dns.repinger.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2393, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh2.server.my.id"; dns.query; content:"agh2.server.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2394, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard-jkt-225.glosindo.net.id"; dns.query; content:"guard-jkt-225.glosindo.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2395, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.gms.net.id"; dns.query; content:"dns2.gms.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2396, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.palapa.net.id"; dns.query; content:"doh.palapa.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2397, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homelab.terabit.net.id"; dns.query; content:"homelab.terabit.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2398, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filter.das.sch.id"; dns.query; content:"filter.das.sch.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2399, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jsd.web.id"; dns.query; content:"dns.jsd.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2400, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for panser.web.id"; dns.query; content:"panser.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2401, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for web-rated.ie"; dns.query; content:"web-rated.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27992402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2402, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pg.web-rated.ie"; dns.query; content:"pg.web-rated.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27992403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2403, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jean.im"; dns.query; content:"dns.jean.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27992404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2404, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1b.ns.ozer.im"; dns.query; content:"1b.ns.ozer.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27992405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2405, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unp.im"; dns.query; content:"unp.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27992406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2406, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for y3suyx0cg2lewi2dmn.advaitghaisas.in"; dns.query; content:"y3suyx0cg2lewi2dmn.advaitghaisas.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2407, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rootdns.anir0y.in"; dns.query; content:"rootdns.anir0y.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2408, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sols.co.in"; dns.query; content:"sols.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2409, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.srinivasrao.co.in"; dns.query; content:"dns.srinivasrao.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2410, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.deekshith.in"; dns.query; content:"dns.deekshith.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2411, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fahr.in"; dns.query; content:"dns.fahr.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2412, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for libye.in"; dns.query; content:"libye.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2413, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for h.ra3.in"; dns.query; content:"h.ra3.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2414, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for micro.alloxr.info"; dns.query; content:"micro.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2415, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.micro.alloxr.info"; dns.query; content:"dns.micro.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2416, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.baltes.info"; dns.query; content:"adguard.baltes.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2417, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bilidon.info"; dns.query; content:"bilidon.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2418, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.bilidon.info"; dns.query; content:"www.bilidon.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2419, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.chlaebi.info"; dns.query; content:"www.chlaebi.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2420, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bilidon.dnsuser.info"; dns.query; content:"bilidon.dnsuser.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2421, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.fastpacefixit.info"; dns.query; content:"adh.fastpacefixit.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2422, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lorc17-dns.komeho.info"; dns.query; content:"lorc17-dns.komeho.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2423, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.llthtt1.info"; dns.query; content:"home.llthtt1.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2424, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lmir.info"; dns.query; content:"dns.lmir.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2425, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xpen.ns01.info"; dns.query; content:"xpen.ns01.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2426, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for defsnldns01.sc-hosting.info"; dns.query; content:"defsnldns01.sc-hosting.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2427, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for selsby.info"; dns.query; content:"selsby.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2428, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hee.ink"; dns.query; content:"dns.hee.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27992429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2429, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pub.hsuan.ink"; dns.query; content:"pub.hsuan.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27992430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2430, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.jtt.ink"; dns.query; content:"b.jtt.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27992431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2431, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zzz.luigi.ink"; dns.query; content:"zzz.luigi.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27992432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2432, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.aflr.io"; dns.query; content:"blackhole.aflr.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2433, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.ak42.io"; dns.query; content:"vps.ak42.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2434, updated_at 2025_03_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.bortus.io"; dns.query; content:"dns2.bortus.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2435, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a5135324.csie.io"; dns.query; content:"a5135324.csie.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2436, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.dedyn.io"; dns.query; content:"adns.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2437, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frank-web.dedyn.io"; dns.query; content:"frank-web.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2438, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for k03.dedyn.io"; dns.query; content:"k03.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2439, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.skous.dedyn.io"; dns.query; content:"adguard.skous.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2440, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-fra.linode.haberl.io"; dns.query; content:"adguard-fra.linode.haberl.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2441, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.luther.io"; dns.query; content:"home.luther.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2442, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mafyuh.io"; dns.query; content:"dns.mafyuh.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2443, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps4.scho.io"; dns.query; content:"vps4.scho.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2444, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.supercluster.io"; dns.query; content:"dns.supercluster.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2445, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.tcpu.io"; dns.query; content:"adguard.tcpu.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2446, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.vdl.io"; dns.query; content:"noads.vdl.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2447, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-rs.whalebone.io"; dns.query; content:"doh-rs.whalebone.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2448, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ai6.ir"; dns.query; content:"dns.ai6.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2449, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.deghy.ir"; dns.query; content:"de.deghy.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2450, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for th1.dnsfinder.ir"; dns.query; content:"th1.dnsfinder.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2451, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for docker-hub.ir"; dns.query; content:"docker-hub.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2452, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.farakaft.ir"; dns.query; content:"dns.farakaft.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2453, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jungle-im.ir"; dns.query; content:"dns.jungle-im.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2454, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kcolspacrm.ir"; dns.query; content:"kcolspacrm.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2455, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kcolspacrm.ir"; dns.query; content:"dns.kcolspacrm.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2456, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.midping.ir"; dns.query; content:"dns.midping.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2457, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.raykat.ir"; dns.query; content:"dns.raykat.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2458, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sbstructure.ir"; dns.query; content:"dns.sbstructure.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2459, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.bruckmoser.it"; dns.query; content:"home.bruckmoser.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2460, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for flat.loisy.it"; dns.query; content:"flat.loisy.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2461, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas-fusion.loisy.it"; dns.query; content:"nas-fusion.loisy.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2462, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.servizimv.it"; dns.query; content:"dns.servizimv.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2463, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.stefanoperna.it"; dns.query; content:"nas.stefanoperna.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2464, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1-secure.wifire.it"; dns.query; content:"dns1-secure.wifire.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2465, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2-secure.wifire.it"; dns.query; content:"dns2-secure.wifire.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2466, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tngch.mydns.jp"; dns.query; content:"tngch.mydns.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27992467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2467, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tngch.mydns.jp"; dns.query; content:"dns.tngch.mydns.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27992468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2468, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tk2-404-43267.vs.sakura.ne.jp"; dns.query; content:"tk2-404-43267.vs.sakura.ne.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27992469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2469, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.poly-tank.jp"; dns.query; content:"vps.poly-tank.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27992470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2470, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xn--85w848a.jp"; dns.query; content:"xn--85w848a.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27992471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2471, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xie.ke"; dns.query; content:"xie.ke"; nocase; fast_pattern; classtype:bad-unknown; sid:27992472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2472, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sung-il.kim"; dns.query; content:"dns.sung-il.kim"; nocase; fast_pattern; classtype:bad-unknown; sid:27992473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2473, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dhlifeus-micro1.dns.3456.kr"; dns.query; content:"dhlifeus-micro1.dns.3456.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2474, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eliv.co.kr"; dns.query; content:"dns.eliv.co.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2475, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.hjk.kr"; dns.query; content:"ns.hjk.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2476, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.hjk.kr"; dns.query; content:"ns1.hjk.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2477, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hjk.kr"; dns.query; content:"ns2.hjk.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2478, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.3am.la"; dns.query; content:"dns.3am.la"; nocase; fast_pattern; classtype:bad-unknown; sid:27992479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2479, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.delage.li"; dns.query; content:"nas.delage.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27992480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2480, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.hofi.li"; dns.query; content:"adguard.hofi.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27992481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2481, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hva.li"; dns.query; content:"dns.hva.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27992482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2482, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for solution.w10.life"; dns.query; content:"solution.w10.life"; nocase; fast_pattern; classtype:bad-unknown; sid:27992483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2483, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfreedns.link"; dns.query; content:"adfreedns.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2484, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atsilva.link"; dns.query; content:"atsilva.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2485, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.atsilva.link"; dns.query; content:"dns.atsilva.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2486, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.filatov.link"; dns.query; content:"vps.filatov.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2487, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guidetoworld.link"; dns.query; content:"guidetoworld.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2488, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d1.insec.link"; dns.query; content:"d1.insec.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2489, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pmxu.link"; dns.query; content:"dns.pmxu.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2490, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nephos.rocksolidtech.link"; dns.query; content:"nephos.rocksolidtech.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2491, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for acomit.lk"; dns.query; content:"acomit.lk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2492, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.acomit.lk"; dns.query; content:"www.acomit.lk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2493, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cha.bigbackend.lol"; dns.query; content:"cha.bigbackend.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27992494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2494, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ralfs-dns.dsh.lol"; dns.query; content:"ralfs-dns.dsh.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27992495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2495, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eastjoin.lol"; dns.query; content:"eastjoin.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27992496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2496, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.qyo.lol"; dns.query; content:"adguard.qyo.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27992497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2497, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beacon.fengli.love"; dns.query; content:"beacon.fengli.love"; nocase; fast_pattern; classtype:bad-unknown; sid:27992498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2498, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ahyxluo.ltd"; dns.query; content:"dns.ahyxluo.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27992499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2499, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.manish.ltd"; dns.query; content:"doh.manish.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27992500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2500, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crd.circl.lu"; dns.query; content:"crd.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2501, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for remote.kleofass.lv"; dns.query; content:"remote.kleofass.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27992502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2502, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.anuar.me"; dns.query; content:"dns2.anuar.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2503, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.axto.me"; dns.query; content:"dns.axto.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2504, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.beliefanx.me"; dns.query; content:"guard.beliefanx.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2505, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.biliun.me"; dns.query; content:"dns.biliun.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2506, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.bluenight.me"; dns.query; content:"adg.bluenight.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2507, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ch01adguardho.me"; dns.query; content:"ch01adguardho.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2508, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chriscsc.me"; dns.query; content:"dns.chriscsc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2509, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cnblw.me"; dns.query; content:"dns.cnblw.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2510, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.corpa.me"; dns.query; content:"doh.corpa.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2511, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve.corpa.me"; dns.query; content:"resolve.corpa.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2512, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cristianocosta.me"; dns.query; content:"cristianocosta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2513, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.ddns.me"; dns.query; content:"mydns.ddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2514, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ebpmc.diskstation.me"; dns.query; content:"ebpmc.diskstation.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2515, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dragon0697.me"; dns.query; content:"dns.dragon0697.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2516, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for emmmmm.me"; dns.query; content:"emmmmm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2517, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.g-s-a.me"; dns.query; content:"vpn.g-s-a.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2518, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sm5q237c0.g666gle.me"; dns.query; content:"sm5q237c0.g666gle.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2519, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.haoxuan.me"; dns.query; content:"dns.haoxuan.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2520, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hdnsadguardhome.me"; dns.query; content:"hdnsadguardhome.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2521, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.hjk.me"; dns.query; content:"ns.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2522, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.hjk.me"; dns.query; content:"ns1.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2523, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hjk.me"; dns.query; content:"ns2.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2524, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpdns.hker.me"; dns.query; content:"jpdns.hker.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2525, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.johndave.me"; dns.query; content:"adguard.johndave.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2526, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.josephyap.me"; dns.query; content:"agh.josephyap.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2527, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.khi.me"; dns.query; content:"dns.khi.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2528, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.koshin.me"; dns.query; content:"dns.koshin.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2529, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kostydenis.me"; dns.query; content:"dns.kostydenis.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2530, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.kostydenis.me"; dns.query; content:"dns1.kostydenis.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2531, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kyy.me"; dns.query; content:"dns.kyy.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2532, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mastergad.me"; dns.query; content:"mastergad.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2533, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-home.myddns.me"; dns.query; content:"adguard-home.myddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2534, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oculta.me"; dns.query; content:"oculta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2535, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privpn.me"; dns.query; content:"privpn.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2536, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pyry.me"; dns.query; content:"doh.pyry.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2537, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rjls.me"; dns.query; content:"dns.rjls.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2538, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.root.me"; dns.query; content:"dns.root.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2539, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for f1.dns.s3cure.me"; dns.query; content:"f1.dns.s3cure.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2540, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.stevenfamy.me"; dns.query; content:"adguard.stevenfamy.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2541, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bucheli.synology.me"; dns.query; content:"bucheli.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2542, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chlaebi.synology.me"; dns.query; content:"chlaebi.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2543, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hockaday.synology.me"; dns.query; content:"hockaday.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2544, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for siddeus.synology.me"; dns.query; content:"siddeus.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2545, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for woalongit.synology.me"; dns.query; content:"woalongit.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2546, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tb4.me"; dns.query; content:"dns.tb4.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2547, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.timboeh.me"; dns.query; content:"dns.timboeh.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2548, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.trevorpease.me"; dns.query; content:"adguard.trevorpease.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2549, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.vinc.me"; dns.query; content:"dns2.vinc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2550, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xydustc.me"; dns.query; content:"dns.xydustc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2551, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wdnts.ml"; dns.query; content:"dns.wdnts.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2552, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ota.moe"; dns.query; content:"adguard.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2553, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.ota.moe"; dns.query; content:"adguard2.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2554, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard3.ota.moe"; dns.query; content:"adguard3.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2555, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard4.ota.moe"; dns.query; content:"adguard4.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27992556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2556, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vaguthu.mv"; dns.query; content:"dns.vaguthu.mv"; nocase; fast_pattern; classtype:bad-unknown; sid:27992557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2557, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for isekai.anime.com.my"; dns.query; content:"isekai.anime.com.my"; nocase; fast_pattern; classtype:bad-unknown; sid:27992558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2558, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.securifi.com.my"; dns.query; content:"cloud.securifi.com.my"; nocase; fast_pattern; classtype:bad-unknown; sid:27992559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2559, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bh.wael.name"; dns.query; content:"bh.wael.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27992560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2560, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for box.wael.name"; dns.query; content:"box.wael.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27992561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2561, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wael.name"; dns.query; content:"dns.wael.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27992562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2562, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.3dcapitaltrust.net"; dns.query; content:"dns.3dcapitaltrust.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2563, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.5ive.net"; dns.query; content:"dns.5ive.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2564, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arches-srv1.8ws.net"; dns.query; content:"arches-srv1.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2565, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arches-srv2.8ws.net"; dns.query; content:"arches-srv2.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2566, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outie.8ws.net"; dns.query; content:"outie.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2567, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outiejr.8ws.net"; dns.query; content:"outiejr.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2568, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.addres.net"; dns.query; content:"dns.addres.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2569, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.airns.net"; dns.query; content:"dns.airns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2570, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for diskstation.alexpollard.net"; dns.query; content:"diskstation.alexpollard.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2571, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for management.alexpollard.net"; dns.query; content:"management.alexpollard.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2572, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.amonsul.net"; dns.query; content:"doh.amonsul.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2573, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.amscenter.net"; dns.query; content:"adguard.amscenter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2574, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.apexhost.net"; dns.query; content:"adguard01.apexhost.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2575, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.as203038.net"; dns.query; content:"resolver.as203038.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2576, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fennec.blackyfox.net"; dns.query; content:"fennec.blackyfox.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2577, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brionesserver.net"; dns.query; content:"dns.brionesserver.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2578, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.chancecallahan.net"; dns.query; content:"adguard.chancecallahan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2579, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghome.charleschan.net"; dns.query; content:"adghome.charleschan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2580, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-us1.cloudmini.net"; dns.query; content:"adguard-us1.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2581, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-us2.cloudmini.net"; dns.query; content:"adguard-us2.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2582, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-vn1.cloudmini.net"; dns.query; content:"adguard-vn1.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2583, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.cloudmini.net"; dns.query; content:"adguard2.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2584, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itsec.crolla.net"; dns.query; content:"dns.itsec.crolla.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2585, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.cybrespace.net"; dns.query; content:"dns2.cybrespace.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2586, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cylee.net"; dns.query; content:"cylee.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2587, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr.dalockd.net"; dns.query; content:"fr.dalockd.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2588, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.danamas.net"; dns.query; content:"dns.danamas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2589, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for logs.danamas.net"; dns.query; content:"logs.danamas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2590, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.daryllswer.net"; dns.query; content:"dns.daryllswer.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2591, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-blr.daryllswer.net"; dns.query; content:"dns-blr.daryllswer.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2592, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi.daryllswer.net"; dns.query; content:"pi.daryllswer.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2593, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for daverotaquio.net"; dns.query; content:"daverotaquio.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2594, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardnic.ddns.net"; dns.query; content:"adguardnic.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2595, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adsfree.ddns.net"; dns.query; content:"adsfree.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2596, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an81.ddns.net"; dns.query; content:"an81.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2597, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for archie-vps.ddns.net"; dns.query; content:"archie-vps.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2598, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for batshitcrazy.ddns.net"; dns.query; content:"batshitcrazy.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2599, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for djtesok.ddns.net"; dns.query; content:"djtesok.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2600, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvs.ddns.net"; dns.query; content:"dnsvs.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2601, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gmf-dns.ddns.net"; dns.query; content:"gmf-dns.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2602, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gmf2.ddns.net"; dns.query; content:"gmf2.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2603, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for huynh0201.ddns.net"; dns.query; content:"huynh0201.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2604, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for inadsware.ddns.net"; dns.query; content:"inadsware.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2605, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kwas24izynek74.ddns.net"; dns.query; content:"kwas24izynek74.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2606, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leochen-dns.ddns.net"; dns.query; content:"leochen-dns.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2607, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mzs1.ddns.net"; dns.query; content:"mzs1.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2608, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nicknarayong.ddns.net"; dns.query; content:"nicknarayong.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2609, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nicktruehome.ddns.net"; dns.query; content:"nicktruehome.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2610, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pccoach.ddns.net"; dns.query; content:"pccoach.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2611, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pqh.ddns.net"; dns.query; content:"pqh.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2612, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roades.ddns.net"; dns.query; content:"roades.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2613, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for robertfenyiner.ddns.net"; dns.query; content:"robertfenyiner.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2614, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ronaldvkrueger.ddns.net"; dns.query; content:"ronaldvkrueger.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2615, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sarawut.ddns.net"; dns.query; content:"sarawut.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2616, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seanyan.ddns.net"; dns.query; content:"seanyan.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2617, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sorephie-dns2.ddns.net"; dns.query; content:"sorephie-dns2.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2618, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t1416vinhome.ddns.net"; dns.query; content:"t1416vinhome.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2619, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for towman.ddns.net"; dns.query; content:"towman.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2620, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for travis90x.ddns.net"; dns.query; content:"travis90x.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2621, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trytackle.ddns.net"; dns.query; content:"trytackle.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2622, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ublock-dnsmobile.ddns.net"; dns.query; content:"ublock-dnsmobile.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2623, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wanam.ddns.net"; dns.query; content:"wanam.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2624, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zoopark-vpn.ddns.net"; dns.query; content:"zoopark-vpn.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2625, updated_at 2025_03_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rennes.despagne.net"; dns.query; content:"adguard.rennes.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2626, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.isp.dhoho.net"; dns.query; content:"dns.isp.dhoho.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2627, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mikrobill.dns-cloud.net"; dns.query; content:"mikrobill.dns-cloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2628, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dove485.dns-dynamic.net"; dns.query; content:"dove485.dns-dynamic.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2629, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proariel.dns-dynamic.net"; dns.query; content:"proariel.dns-dynamic.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2630, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ccadguard.dynu.net"; dns.query; content:"ccadguard.dynu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2631, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ekhozie.dynu.net"; dns.query; content:"adguard.ekhozie.dynu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2632, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for flyloadguard.dynu.net"; dns.query; content:"flyloadguard.dynu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2633, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for quangdo92.dynu.net"; dns.query; content:"quangdo92.dynu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2634, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nasiron.dynv6.net"; dns.query; content:"nasiron.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2635, updated_at 2025_03_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for newblader2k.dynv6.net"; dns.query; content:"newblader2k.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2636, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.elecura.net"; dns.query; content:"pdns.elecura.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2637, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.enderblocks.net"; dns.query; content:"dns.enderblocks.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2638, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fanscloud.net"; dns.query; content:"fanscloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2639, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.fanscloud.net"; dns.query; content:"www.fanscloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2640, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for faradns.net"; dns.query; content:"faradns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2641, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for faradns2.net"; dns.query; content:"faradns2.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2642, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fgbk.net"; dns.query; content:"dns.fgbk.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2643, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for isolacje.homeip.net"; dns.query; content:"isolacje.homeip.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2644, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.hosting-cloud.net"; dns.query; content:"resolver1.hosting-cloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2645, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.hosting-cloud.net"; dns.query; content:"resolver2.hosting-cloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2646, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iblockads.net"; dns.query; content:"dns.iblockads.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2647, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.it-pa.net"; dns.query; content:"dns.it-pa.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2648, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securifi.jagalabs.net"; dns.query; content:"securifi.jagalabs.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2649, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green2.jnraptor.net"; dns.query; content:"green2.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2650, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green3.jnraptor.net"; dns.query; content:"green3.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2651, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green4.jnraptor.net"; dns.query; content:"green4.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2652, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for layer1.jnraptor.net"; dns.query; content:"layer1.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2653, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi4.jnraptor.net"; dns.query; content:"pi4.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2654, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps2.jnraptor.net"; dns.query; content:"vps2.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2655, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.njy.jsanagustin.net"; dns.query; content:"adguard1.njy.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2656, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.just-hosting.net"; dns.query; content:"dns.just-hosting.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2657, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.karfamily.net"; dns.query; content:"dns.karfamily.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2658, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.kreonet.net"; dns.query; content:"adns.kreonet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2659, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads-eu.landgame.net"; dns.query; content:"ads-eu.landgame.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2660, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.leadmon.net"; dns.query; content:"adguard2.leadmon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2661, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgaurd.lingmont.net"; dns.query; content:"adgaurd.lingmont.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2662, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mfud.net"; dns.query; content:"dns.mfud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2663, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moonwx.net"; dns.query; content:"dns.moonwx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2664, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moraru.net"; dns.query; content:"dns.moraru.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2665, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for docker.zhczax50pzofm4g4.myfritz.net"; dns.query; content:"docker.zhczax50pzofm4g4.myfritz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2666, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-dub-w-f-2.nashkan.net"; dns.query; content:"ae-dub-w-f-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2667, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-dub-w-p-1.nashkan.net"; dns.query; content:"ae-dub-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2668, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-1.nashkan.net"; dns.query; content:"ae-fuj-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2669, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-2.nashkan.net"; dns.query; content:"ae-fuj-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2670, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-3.nashkan.net"; dns.query; content:"ae-fuj-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2671, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-4.nashkan.net"; dns.query; content:"ae-fuj-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2672, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for at-wie-w-2.nashkan.net"; dns.query; content:"at-wie-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2673, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-2.nashkan.net"; dns.query; content:"au-syd-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2674, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-3.nashkan.net"; dns.query; content:"au-syd-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2675, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-p-1.nashkan.net"; dns.query; content:"au-syd-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2676, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bg-sof-w-3.nashkan.net"; dns.query; content:"bg-sof-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2677, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-bhs-w-2.nashkan.net"; dns.query; content:"ca-bhs-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2678, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ch-zur-w-1.nashkan.net"; dns.query; content:"ch-zur-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2679, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cz-pra-w-1.nashkan.net"; dns.query; content:"cz-pra-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2680, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-2.nashkan.net"; dns.query; content:"de-fsn-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2681, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-f-1.nashkan.net"; dns.query; content:"de-fsn-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2682, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-f-2.nashkan.net"; dns.query; content:"de-fsn-w-f-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2683, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-f-3.nashkan.net"; dns.query; content:"de-fsn-w-f-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2684, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dk-cop-w-1.nashkan.net"; dns.query; content:"dk-cop-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2685, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-1.nashkan.net"; dns.query; content:"fi-hel-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2686, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-2.nashkan.net"; dns.query; content:"fi-hel-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2687, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-p-1.nashkan.net"; dns.query; content:"fi-hel-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2688, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-par-w-1.nashkan.net"; dns.query; content:"fr-par-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2689, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-sbg-w-4.nashkan.net"; dns.query; content:"fr-sbg-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2690, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-bir-w-1.nashkan.net"; dns.query; content:"gb-bir-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2691, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-cov-w-1.nashkan.net"; dns.query; content:"gb-cov-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2692, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-1.nashkan.net"; dns.query; content:"gb-lon-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2693, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-4.nashkan.net"; dns.query; content:"gb-lon-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2694, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id-pon-w-1.nashkan.net"; dns.query; content:"id-pon-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2695, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ie-dub-w-1.nashkan.net"; dns.query; content:"ie-dub-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2696, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for it-pal-w-1.nashkan.net"; dns.query; content:"it-pal-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2697, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-tyo-w-1.nashkan.net"; dns.query; content:"jp-tyo-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2698, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kz-alm-w-1.nashkan.net"; dns.query; content:"kz-alm-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2699, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lt-vil-w-2.nashkan.net"; dns.query; content:"lt-vil-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2700, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lt-vil-w-3.nashkan.net"; dns.query; content:"lt-vil-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2701, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv-rig-w-2.nashkan.net"; dns.query; content:"lv-rig-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2702, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams-w-3.nashkan.net"; dns.query; content:"nl-ams-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2703, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for no-osl-w-1.nashkan.net"; dns.query; content:"no-osl-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2704, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-1.nashkan.net"; dns.query; content:"pl-waw-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2705, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-2.nashkan.net"; dns.query; content:"pl-waw-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2706, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-f-1.nashkan.net"; dns.query; content:"pl-waw-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2707, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-p-1.nashkan.net"; dns.query; content:"pl-waw-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2708, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-p-2.nashkan.net"; dns.query; content:"pl-waw-w-p-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2709, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ps-tel-w-2.nashkan.net"; dns.query; content:"ps-tel-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2710, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pt-lis-w-1.nashkan.net"; dns.query; content:"pt-lis-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2711, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ro-buc-w-2.nashkan.net"; dns.query; content:"ro-buc-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2712, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mos-w-2.nashkan.net"; dns.query; content:"ru-mos-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2713, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mos-w-p-1.nashkan.net"; dns.query; content:"ru-mos-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2714, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for se-sto-w-2.nashkan.net"; dns.query; content:"se-sto-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2715, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-1.nashkan.net"; dns.query; content:"sg-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2716, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-5.nashkan.net"; dns.query; content:"sg-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2717, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-f-2.nashkan.net"; dns.query; content:"sg-w-f-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2718, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sk-bra-w-1.nashkan.net"; dns.query; content:"sk-bra-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2719, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tr-ist-w-p-2.nashkan.net"; dns.query; content:"tr-ist-w-p-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2720, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ua-kyv-w-1.nashkan.net"; dns.query; content:"ua-kyv-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2721, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-ash-w-f-1.nashkan.net"; dns.query; content:"us-ash-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2722, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-atl-w-2.nashkan.net"; dns.query; content:"us-atl-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2723, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-3.nashkan.net"; dns.query; content:"us-chi-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2724, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-4.nashkan.net"; dns.query; content:"us-chi-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2725, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-dal-w-3.nashkan.net"; dns.query; content:"us-dal-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2726, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-dal-w-4.nashkan.net"; dns.query; content:"us-dal-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2727, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-den-w-1.nashkan.net"; dns.query; content:"us-den-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2728, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-den-w-2.nashkan.net"; dns.query; content:"us-den-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2729, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-jac-w-1.nashkan.net"; dns.query; content:"us-jac-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2730, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-la-w-4.nashkan.net"; dns.query; content:"us-la-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2731, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-nyc-w-1.nashkan.net"; dns.query; content:"us-nyc-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2732, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-sea-w-5.nashkan.net"; dns.query; content:"us-sea-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2733, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-sea-w-6.nashkan.net"; dns.query; content:"us-sea-w-6.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2734, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vn-hcm-w-1.nashkan.net"; dns.query; content:"vn-hcm-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2735, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nefret.net"; dns.query; content:"dns.nefret.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2736, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.netrve.net"; dns.query; content:"dns.netrve.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2737, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg5yvi.ngatngay.net"; dns.query; content:"adg5yvi.ngatngay.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2738, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nghialele.net"; dns.query; content:"dns.nghialele.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2739, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ocedric.net"; dns.query; content:"dns.ocedric.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2740, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.officiallysp.net"; dns.query; content:"dns.officiallysp.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2741, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.otezz.net"; dns.query; content:"dns.otezz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2742, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for padermail.net"; dns.query; content:"padermail.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2743, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pioko.net"; dns.query; content:"pioko.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2744, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.powerbs.net"; dns.query; content:"dns.powerbs.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2745, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.qbak.net"; dns.query; content:"home.qbak.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2746, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ginnungagap.rabenhain.net"; dns.query; content:"ginnungagap.rabenhain.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2747, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for richardo.net"; dns.query; content:"richardo.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2748, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.richardo.net"; dns.query; content:"www.richardo.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2749, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.risrdg.net"; dns.query; content:"dns.risrdg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2750, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for samsdns1943.net"; dns.query; content:"samsdns1943.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2751, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sarakas.net"; dns.query; content:"dns.sarakas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2752, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.sarakas.net"; dns.query; content:"dns1.sarakas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2753, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.sarakas.net"; dns.query; content:"dns2.sarakas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2754, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-home.server-on.net"; dns.query; content:"adguard-home.server-on.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2755, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.servergs.net"; dns.query; content:"dns.servergs.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2756, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for moto.adg.siudzinski.net"; dns.query; content:"moto.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2757, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sams.adg.siudzinski.net"; dns.query; content:"sams.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2758, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test.adg.siudzinski.net"; dns.query; content:"test.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2759, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test2.adg.siudzinski.net"; dns.query; content:"test2.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2760, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test3.adg.siudzinski.net"; dns.query; content:"test3.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2761, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test4.adg.siudzinski.net"; dns.query; content:"test4.adg.siudzinski.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2762, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 001.smallnode.net"; dns.query; content:"001.smallnode.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2763, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.smvd.net"; dns.query; content:"dns.smvd.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2764, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.snow-sugar.net"; dns.query; content:"home.snow-sugar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2765, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myprivityvpn.softether.net"; dns.query; content:"myprivityvpn.softether.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2766, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.som-it.net"; dns.query; content:"adguard.som-it.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2767, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.spaceindex.net"; dns.query; content:"adguard.spaceindex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2768, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lajc.sytes.net"; dns.query; content:"lajc.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2769, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for virmamp33.sytes.net"; dns.query; content:"virmamp33.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2770, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.taufner.net"; dns.query; content:"adguard.taufner.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2771, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.techrich.net"; dns.query; content:"vps.techrich.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2772, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.srv.tenete.net"; dns.query; content:"agh.srv.tenete.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2773, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.tetnet.net"; dns.query; content:"adguard.tetnet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2774, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.tigrex.net"; dns.query; content:"adguard.tigrex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2775, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agathe.tobkar.net"; dns.query; content:"agathe.tobkar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2776, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edgar.tobkar.net"; dns.query; content:"edgar.tobkar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2777, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tomitomix.net"; dns.query; content:"dns.tomitomix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2778, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for net.tt6.net"; dns.query; content:"net.tt6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2779, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cc2.v8er.net"; dns.query; content:"cc2.v8er.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2780, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zuhause.webteufel.net"; dns.query; content:"zuhause.webteufel.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2781, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resov.wehao.net"; dns.query; content:"resov.wehao.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2782, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls.windyvale.net"; dns.query; content:"tls.windyvale.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2783, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.wntrmute.net"; dns.query; content:"ag.wntrmute.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2784, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yeralin.net"; dns.query; content:"yeralin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2785, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yuu-g.net"; dns.query; content:"dns.yuu-g.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2786, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lookup.zucx.net"; dns.query; content:"lookup.zucx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2787, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b33.network"; dns.query; content:"dns.b33.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2788, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nominal.network"; dns.query; content:"dns.nominal.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2789, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.wyss.network"; dns.query; content:"dns1.wyss.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2790, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for next.miao.ninja"; dns.query; content:"next.miao.ninja"; nocase; fast_pattern; classtype:bad-unknown; sid:27992791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2791, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adbl-tslagter.nl"; dns.query; content:"adbl-tslagter.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2792, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.bit-trails.nl"; dns.query; content:"ns1.bit-trails.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2793, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.boykevanvugt.nl"; dns.query; content:"adguard.boykevanvugt.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2794, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dlinders.nl"; dns.query; content:"dns.dlinders.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2795, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dstruis.nl"; dns.query; content:"dstruis.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2796, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dstruis.nl"; dns.query; content:"www.dstruis.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2797, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fam-rodenburg.nl"; dns.query; content:"adguard.fam-rodenburg.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2798, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsupstream02.familieberfelo.nl"; dns.query; content:"dnsupstream02.familieberfelo.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2799, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for greppie.nl"; dns.query; content:"greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2800, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for laptop001.greppie.nl"; dns.query; content:"laptop001.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2801, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maikel.greppie.nl"; dns.query; content:"maikel.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2802, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for smtp.greppie.nl"; dns.query; content:"smtp.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2803, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.greppie.nl"; dns.query; content:"www.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2804, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.herkhof.nl"; dns.query; content:"dns.herkhof.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2805, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huizegunsing.nl"; dns.query; content:"dns.huizegunsing.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2806, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.infrapod.nl"; dns.query; content:"adguard.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2807, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.infrapod.nl"; dns.query; content:"adguard01.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2808, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard02.infrapod.nl"; dns.query; content:"adguard02.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2809, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.dns.infrapod.nl"; dns.query; content:"adguard01.dns.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2810, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard02.dns.infrapod.nl"; dns.query; content:"adguard02.dns.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2811, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ipoac.nl"; dns.query; content:"dns.ipoac.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2812, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for it-works4u.nl"; dns.query; content:"it-works4u.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2813, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.it-works4u.nl"; dns.query; content:"www.it-works4u.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2814, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for itworks4u.nl"; dns.query; content:"itworks4u.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2815, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.itworks4u.nl"; dns.query; content:"www.itworks4u.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2816, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for samsung.dns.joey01245.nl"; dns.query; content:"samsung.dns.joey01245.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2817, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kriswerry.nl"; dns.query; content:"dns.kriswerry.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2818, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikopono.nl"; dns.query; content:"dns.mikopono.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2819, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rwkdwpwsyv48.mikopono.nl"; dns.query; content:"rwkdwpwsyv48.mikopono.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2820, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adf-114.neta.otrofda.nl"; dns.query; content:"adf-114.neta.otrofda.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2821, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adf-115.neta.otrofda.nl"; dns.query; content:"adf-115.neta.otrofda.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2822, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.pragmasec.nl"; dns.query; content:"mail.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2823, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for new.pragmasec.nl"; dns.query; content:"new.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2824, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.pragmasec.nl"; dns.query; content:"server.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2825, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webmeel.pragmasec.nl"; dns.query; content:"webmeel.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2826, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rdekuyper.nl"; dns.query; content:"adguard.rdekuyper.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2827, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.renedis.nl"; dns.query; content:"adblock.renedis.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2828, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rowdyengeesje.nl"; dns.query; content:"adguard.rowdyengeesje.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2829, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.schooldns.nl"; dns.query; content:"dns1.schooldns.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2830, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux.sn0w.nl"; dns.query; content:"lux.sn0w.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2831, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tkhome.nl"; dns.query; content:"dns.tkhome.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2832, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.tmdproject.nl"; dns.query; content:"adguard.tmdproject.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2833, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.vboekel.nl"; dns.query; content:"server01.vboekel.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2834, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpnhellings.nl"; dns.query; content:"vpnhellings.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2835, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vpnhellings.nl"; dns.query; content:"www.vpnhellings.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2836, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private.adguard.wessels-net.nl"; dns.query; content:"private.adguard.wessels-net.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2837, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.clawsucht.nrw"; dns.query; content:"adguard.clawsucht.nrw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2838, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.censurfridns.nu"; dns.query; content:"anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2839, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.censurfridns.nu"; dns.query; content:"deic-lgb.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2840, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.censurfridns.nu"; dns.query; content:"deic-ore.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2841, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.censurfridns.nu"; dns.query; content:"kracon.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2842, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.censurfridns.nu"; dns.query; content:"rgnet-iad.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2843, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.censurfridns.nu"; dns.query; content:"unicast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2844, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for exns1.exalto.nu"; dns.query; content:"exns1.exalto.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2845, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for no-ad.levcloud.cloudns.nz"; dns.query; content:"no-ad.levcloud.cloudns.nz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2846, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zeusvps.cloudns.nz"; dns.query; content:"zeusvps.cloudns.nz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2847, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rawalker.co.nz"; dns.query; content:"dns.rawalker.co.nz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2848, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.thylacine.co.nz"; dns.query; content:"dns1.thylacine.co.nz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2849, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.thylacine.co.nz"; dns.query; content:"dns2.thylacine.co.nz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2850, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dhemant.observer"; dns.query; content:"dns.dhemant.observer"; nocase; fast_pattern; classtype:bad-unknown; sid:27992851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2851, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usname.freecdn.one"; dns.query; content:"usname.freecdn.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2852, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hoian.one"; dns.query; content:"dns.hoian.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2853, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.jiusi.one"; dns.query; content:"hk.jiusi.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2854, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.karl.one"; dns.query; content:"server01.karl.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2855, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for z.vipit.one"; dns.query; content:"z.vipit.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2856, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve2.vvpi.one"; dns.query; content:"resolve2.vvpi.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2857, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vape.ong"; dns.query; content:"adguard.vape.ong"; nocase; fast_pattern; classtype:bad-unknown; sid:27992858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2858, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.abdullahabas.online"; dns.query; content:"dns.abdullahabas.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2859, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for am.blgciottd.online"; dns.query; content:"am.blgciottd.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2860, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secureadguarddns.charleslondon.online"; dns.query; content:"secureadguarddns.charleslondon.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2861, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudbasesolutions.online"; dns.query; content:"cloudbasesolutions.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2862, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.ddnsddns.online"; dns.query; content:"ddns.ddnsddns.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2863, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm.delfini.online"; dns.query; content:"vm.delfini.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2864, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.drivearasaka.online"; dns.query; content:"dns.drivearasaka.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2865, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fresh-waffles.online"; dns.query; content:"adguard.fresh-waffles.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2866, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ingenmannsland.online"; dns.query; content:"ingenmannsland.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2867, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.inpssh.online"; dns.query; content:"www.inpssh.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2868, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kostik-66.online"; dns.query; content:"kostik-66.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2869, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for makear.online"; dns.query; content:"makear.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2870, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.martinmore.online"; dns.query; content:"ddns.martinmore.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2871, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for okado.online"; dns.query; content:"okado.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2872, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oxystin.online"; dns.query; content:"dns.oxystin.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2873, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdnssrvagh.online"; dns.query; content:"pdnssrvagh.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2874, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.pdnssrvagh.online"; dns.query; content:"www.pdnssrvagh.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2875, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shadowart.online"; dns.query; content:"shadowart.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2876, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vadim.online"; dns.query; content:"vadim.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2877, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xn--2grr3t07h.online"; dns.query; content:"xn--2grr3t07h.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2878, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ybs-vps.online"; dns.query; content:"ybs-vps.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2879, updated_at 2025_03_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.0w0.ooo"; dns.query; content:"d.0w0.ooo"; nocase; fast_pattern; classtype:bad-unknown; sid:27992880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2880, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.4netguides.org"; dns.query; content:"ns1.4netguides.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2881, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vir.accesscam.org"; dns.query; content:"vir.accesscam.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2882, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.acrobyte.org"; dns.query; content:"adg.acrobyte.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2883, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.acrobyte.org"; dns.query; content:"adguard.acrobyte.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2884, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blog2.amlegion.org"; dns.query; content:"blog2.amlegion.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2885, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.auffray.org"; dns.query; content:"dns.auffray.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2886, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jujuba.cafuringa.org"; dns.query; content:"jujuba.cafuringa.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2887, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.olivier-raspberrypi.changeip.org"; dns.query; content:"www.olivier-raspberrypi.changeip.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2888, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ext.devkon.org"; dns.query; content:"adguard.ext.devkon.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2889, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscity.org"; dns.query; content:"dnscity.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2890, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.dnsviewer.org"; dns.query; content:"ns.dnsviewer.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2891, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for admin.dotls.org"; dns.query; content:"admin.dotls.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2892, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an2kin-adblocker.duckdns.org"; dns.query; content:"an2kin-adblocker.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2893, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for armm.duckdns.org"; dns.query; content:"armm.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2894, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azagrahome.duckdns.org"; dns.query; content:"azagrahome.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2895, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for derekcastle.duckdns.org"; dns.query; content:"derekcastle.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2896, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dorkanddoodle.duckdns.org"; dns.query; content:"dorkanddoodle.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2897, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edelgard.duckdns.org"; dns.query; content:"edelgard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2898, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jfeoks.duckdns.org"; dns.query; content:"jfeoks.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2899, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kalwat.duckdns.org"; dns.query; content:"kalwat.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2900, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kiwifunke.duckdns.org"; dns.query; content:"kiwifunke.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2901, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kolobok2.duckdns.org"; dns.query; content:"kolobok2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2902, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lanre.duckdns.org"; dns.query; content:"lanre.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2903, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for legoagh.duckdns.org"; dns.query; content:"legoagh.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2904, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lemonpiesite.duckdns.org"; dns.query; content:"lemonpiesite.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2905, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas1403.duckdns.org"; dns.query; content:"nas1403.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2906, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o--o.duckdns.org"; dns.query; content:"o--o.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2907, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ruviklabsdns.duckdns.org"; dns.query; content:"ruviklabsdns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2908, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sabeendns.duckdns.org"; dns.query; content:"sabeendns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2909, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for salvadoserver.duckdns.org"; dns.query; content:"salvadoserver.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2910, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shakdns.duckdns.org"; dns.query; content:"shakdns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2911, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps-amgr.duckdns.org"; dns.query; content:"vps-amgr.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2912, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wisehomeguard.duckdns.org"; dns.query; content:"wisehomeguard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2913, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for workcavestl.duckdns.org"; dns.query; content:"workcavestl.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2914, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akhilkalwakurthy.dyndns.org"; dns.query; content:"akhilkalwakurthy.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2915, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.electrotm.org"; dns.query; content:"dns.electrotm.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2916, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arm.adblocker.eu.org"; dns.query; content:"arm.adblocker.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2917, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.eu.org"; dns.query; content:"adguard-dns.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2918, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beautifullife.eu.org"; dns.query; content:"beautifullife.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2919, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.beautifullife.eu.org"; dns.query; content:"www.beautifullife.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2920, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beautifulthings.eu.org"; dns.query; content:"beautifulthings.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2921, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.beautifulthings.eu.org"; dns.query; content:"www.beautifulthings.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2922, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.dns.bliod.eu.org"; dns.query; content:"jp.dns.bliod.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2923, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clic.eu.org"; dns.query; content:"clic.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2924, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudvoid.eu.org"; dns.query; content:"dns.cloudvoid.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2925, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.dns.eban.eu.org"; dns.query; content:"resolver.dns.eban.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2926, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.greenwood.eu.org"; dns.query; content:"doh.greenwood.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2927, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sweethome.in.eu.org"; dns.query; content:"sweethome.in.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2928, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fullaccesstointernet.jp.eu.org"; dns.query; content:"fullaccesstointernet.jp.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2929, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lvqing.eu.org"; dns.query; content:"dns.lvqing.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2930, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.melashri.eu.org"; dns.query; content:"dns.melashri.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2931, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v3.passby.eu.org"; dns.query; content:"v3.passby.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2932, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r1bnc.eu.org"; dns.query; content:"r1bnc.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2933, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sac.rebl.eu.org"; dns.query; content:"dns.sac.rebl.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2934, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.sukidayo.eu.org"; dns.query; content:"www.sukidayo.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2935, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tartanbahn.eu.org"; dns.query; content:"tartanbahn.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2936, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thhbdd.eu.org"; dns.query; content:"dns.thhbdd.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2937, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg2.tt502.eu.org"; dns.query; content:"sg2.tt502.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2938, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2rich.eu.org"; dns.query; content:"v2rich.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2939, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wantfreedom.eu.org"; dns.query; content:"dns.wantfreedom.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2940, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yanggan.eu.org"; dns.query; content:"yanggan.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2941, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for extratv.org"; dns.query; content:"extratv.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2942, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aydank.freeddns.org"; dns.query; content:"aydank.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2943, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drandrade21.freeddns.org"; dns.query; content:"drandrade21.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2944, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jonathanaugusto.freeddns.org"; dns.query; content:"jonathanaugusto.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2945, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for songochain.freeddns.org"; dns.query; content:"songochain.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2946, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.fatucloud.gosprout.org"; dns.query; content:"doh.fatucloud.gosprout.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2947, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi.homeanywhere.org"; dns.query; content:"pi.homeanywhere.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2948, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2wired.hopto.org"; dns.query; content:"2wired.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2949, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keithchunguat.hopto.org"; dns.query; content:"keithchunguat.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2950, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mypihole.hopto.org"; dns.query; content:"mypihole.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2951, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg.hytec.org"; dns.query; content:"hkg.hytec.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2952, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ur.hytec.org"; dns.query; content:"ur.hytec.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2953, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for josephfamily.org"; dns.query; content:"josephfamily.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2954, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pips.kpsn.org"; dns.query; content:"pips.kpsn.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2955, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.levals.org"; dns.query; content:"dns.levals.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2956, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.myddns.org"; dns.query; content:"adguard.myddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2957, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsmm.mywire.org"; dns.query; content:"dnsmm.mywire.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2958, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nelsonleung.org"; dns.query; content:"nelsonleung.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2959, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ninhs.org"; dns.query; content:"dns.ninhs.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2960, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.nnip.org"; dns.query; content:"vpn.nnip.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2961, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for daemonhunt.no-ip.org"; dns.query; content:"daemonhunt.no-ip.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2962, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nocnik.org"; dns.query; content:"adguard.nocnik.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2963, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.onlyjsmylord.org"; dns.query; content:"d.onlyjsmylord.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2964, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lmc.privatedns.org"; dns.query; content:"lmc.privatedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2965, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lmc1.privatedns.org"; dns.query; content:"lmc1.privatedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2966, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.resoft.org"; dns.query; content:"dns.resoft.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2967, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roades.org"; dns.query; content:"roades.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2968, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.roades.org"; dns.query; content:"ad.roades.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2969, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.roades.org"; dns.query; content:"cloud.roades.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2970, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dash.roades.org"; dns.query; content:"dash.roades.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2971, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for plex.roades.org"; dns.query; content:"plex.roades.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2972, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for portainer.roades.org"; dns.query; content:"portainer.roades.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2973, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for torrent.roades.org"; dns.query; content:"torrent.roades.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2974, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.roades.org"; dns.query; content:"www.roades.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2975, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.saferbfc.org"; dns.query; content:"dns1.saferbfc.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2976, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for moise-et-maurice-gardent-la-maison.schneiderus.org"; dns.query; content:"moise-et-maurice-gardent-la-maison.schneiderus.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2977, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.scuola.org"; dns.query; content:"dns.scuola.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2978, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homeguard.sleziona.org"; dns.query; content:"homeguard.sleziona.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2979, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darius-doh-nl.sserver.org"; dns.query; content:"darius-doh-nl.sserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2980, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.strassmair.org"; dns.query; content:"dns.strassmair.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2981, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dn5.talesam.org"; dns.query; content:"dn5.talesam.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2982, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.techmyhouse.org"; dns.query; content:"ns.techmyhouse.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2983, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au.teradns.org"; dns.query; content:"au.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2984, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yh.themcgoughs.org"; dns.query; content:"yh.themcgoughs.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2985, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.timefine.org"; dns.query; content:"ad.timefine.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2986, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ah.wahsun.org"; dns.query; content:"ah.wahsun.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2987, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xmyun.org"; dns.query; content:"dns.xmyun.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2988, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akylah.zapto.org"; dns.query; content:"akylah.zapto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2989, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for netcup.chbu.ovh"; dns.query; content:"netcup.chbu.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2990, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.favrep.ovh"; dns.query; content:"adguardhome.favrep.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2991, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spyrodragon76.fleuryk.ovh"; dns.query; content:"spyrodragon76.fleuryk.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2992, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.fleuryk.ovh"; dns.query; content:"vps.fleuryk.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2993, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ablock.fuckit.ovh"; dns.query; content:"ablock.fuckit.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2994, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for johnsson.ovh"; dns.query; content:"johnsson.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2995, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mudryi.ovh"; dns.query; content:"dns.mudryi.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2996, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.searom.ovh"; dns.query; content:"adguard.searom.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2997, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sre.ovh"; dns.query; content:"adguard.sre.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2998, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surt.ovh"; dns.query; content:"surt.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2999, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for borisov.page"; dns.query; content:"borisov.page"; nocase; fast_pattern; classtype:bad-unknown; sid:27993000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3000, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.youxi.pet"; dns.query; content:"dns.youxi.pet"; nocase; fast_pattern; classtype:bad-unknown; sid:27993001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3001, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard0808.cloudns.ph"; dns.query; content:"dns.adguard0808.cloudns.ph"; nocase; fast_pattern; classtype:bad-unknown; sid:27993002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3002, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pink"; dns.query; content:"doh.pink"; nocase; fast_pattern; classtype:bad-unknown; sid:27993003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3003, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.graphicpoint.pl"; dns.query; content:"cloud.graphicpoint.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3004, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nonanon.pl"; dns.query; content:"nonanon.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3005, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.nonanon.pl"; dns.query; content:"www.nonanon.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3006, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.api.org.pl"; dns.query; content:"noads.api.org.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3007, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps-ovh.pb2004.pl"; dns.query; content:"vps-ovh.pb2004.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3008, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.r60.pl"; dns.query; content:"ad.r60.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3009, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skrzypiec.pl"; dns.query; content:"dns.skrzypiec.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3010, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for szyrzyk.pl"; dns.query; content:"szyrzyk.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3011, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.szyrzyk.pl"; dns.query; content:"www.szyrzyk.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3012, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for domeq.waw.pl"; dns.query; content:"domeq.waw.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3013, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dds.wpme.pl"; dns.query; content:"dds.wpme.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3014, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.poster.place"; dns.query; content:"adguard.poster.place"; nocase; fast_pattern; classtype:bad-unknown; sid:27993015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3015, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ghost.pm"; dns.query; content:"dns.ghost.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27993016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3016, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ion.pm"; dns.query; content:"ion.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27993017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3017, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ch100.line.pm"; dns.query; content:"ch100.line.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27993018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3018, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for evoxt.pmm.pm"; dns.query; content:"evoxt.pmm.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27993019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3019, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adampowell.pro"; dns.query; content:"adampowell.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3020, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.energized.pro"; dns.query; content:"dns.energized.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3021, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kunagi.pro"; dns.query; content:"kunagi.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3022, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kunagi.pro"; dns.query; content:"www.kunagi.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3023, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.lab321.pro"; dns.query; content:"ns1.lab321.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3024, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for plushub.pro"; dns.query; content:"plushub.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3025, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.app.sabino.pro"; dns.query; content:"adguard.app.sabino.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3026, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.vpcore.pro"; dns.query; content:"dns2.vpcore.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3027, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adl01.dnscry.pt"; dns.query; content:"adl01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3028, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akl01.dnscry.pt"; dns.query; content:"akl01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3029, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bog01.dnscry.pt"; dns.query; content:"bog01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3030, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bru01.dnscry.pt"; dns.query; content:"bru01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3031, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bud01.dnscry.pt"; dns.query; content:"bud01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3032, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dus02.dnscry.pt"; dns.query; content:"dus02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3033, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for evn01.dnscry.pt"; dns.query; content:"evn01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3034, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for haf01.dnscry.pt"; dns.query; content:"haf01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3035, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iev01.dnscry.pt"; dns.query; content:"iev01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3036, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for isb01.dnscry.pt"; dns.query; content:"isb01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3037, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lim02.dnscry.pt"; dns.query; content:"lim02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3038, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for los01.dnscry.pt"; dns.query; content:"los01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3039, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mci01.dnscry.pt"; dns.query; content:"mci01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3040, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mow01.dnscry.pt"; dns.query; content:"mow01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3041, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ott01.dnscry.pt"; dns.query; content:"ott01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3042, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ped01.dnscry.pt"; dns.query; content:"ped01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3043, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rix01.dnscry.pt"; dns.query; content:"rix01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3044, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sel01.dnscry.pt"; dns.query; content:"sel01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3045, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd02.dnscry.pt"; dns.query; content:"syd02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3046, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tbs01.dnscry.pt"; dns.query; content:"tbs01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3047, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tlv01.dnscry.pt"; dns.query; content:"tlv01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3048, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tyo03.dnscry.pt"; dns.query; content:"tyo03.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3049, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ymq01.dnscry.pt"; dns.query; content:"ymq01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3050, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ibakerserver.pt"; dns.query; content:"dns.ibakerserver.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3051, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.end.pub"; dns.query; content:"hk.end.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27993052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3052, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iteo.pw"; dns.query; content:"dns.iteo.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3053, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kellys.pw"; dns.query; content:"dns.kellys.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3054, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.meetz.pw"; dns.query; content:"doh.meetz.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3055, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for redsea.meetz.pw"; dns.query; content:"redsea.meetz.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3056, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for craft.vps.pw"; dns.query; content:"craft.vps.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3057, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vps.pw"; dns.query; content:"dns.vps.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3058, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wuyou.pw"; dns.query; content:"wuyou.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3059, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.wuyou.pw"; dns.query; content:"www.wuyou.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3060, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.labar.re"; dns.query; content:"dns.labar.re"; nocase; fast_pattern; classtype:bad-unknown; sid:27993061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3061, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gcptw.minko.ren"; dns.query; content:"gcptw.minko.ren"; nocase; fast_pattern; classtype:bad-unknown; sid:27993062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3062, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsus.newage.rest"; dns.query; content:"dnsus.newage.rest"; nocase; fast_pattern; classtype:bad-unknown; sid:27993063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3063, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for socolov.home.ro"; dns.query; content:"socolov.home.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3064, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloud.ionutl.ro"; dns.query; content:"dns.cloud.ionutl.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3065, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itdata.ro"; dns.query; content:"dns.itdata.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3066, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vik.ro"; dns.query; content:"vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3067, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vik.ro"; dns.query; content:"adguard.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3068, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adi.adguard.vik.ro"; dns.query; content:"adi.adguard.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3069, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vik-ios.adguard.vik.ro"; dns.query; content:"vik-ios.adguard.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3070, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.vik.ro"; dns.query; content:"mail.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3071, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.vik.ro"; dns.query; content:"ns.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3072, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vik.ro"; dns.query; content:"www.vik.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3073, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nilanjan.rocks"; dns.query; content:"nilanjan.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27993074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3074, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.nilanjan.rocks"; dns.query; content:"www.nilanjan.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27993075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3075, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.onlinetools.rocks"; dns.query; content:"adns.onlinetools.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27993076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3076, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dbase.in.rs"; dns.query; content:"adguard.dbase.in.rs"; nocase; fast_pattern; classtype:bad-unknown; sid:27993077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3077, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1735r.ru"; dns.query; content:"1735r.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3078, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 51576162.ru"; dns.query; content:"51576162.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3079, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.77ll.ru"; dns.query; content:"ns.77ll.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3080, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-passage.9273082020.ru"; dns.query; content:"de-passage.9273082020.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3081, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.abppro.ru"; dns.query; content:"dns.abppro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3082, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfight.ru"; dns.query; content:"adfight.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3083, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alon93rus.ru"; dns.query; content:"alon93rus.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3084, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for link.altapo.ru"; dns.query; content:"link.altapo.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3085, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an81dns.ru"; dns.query; content:"an81dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3086, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for angrysky.ru"; dns.query; content:"angrysky.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3087, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arcticstorm.ru"; dns.query; content:"arcticstorm.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3088, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aridia.ru"; dns.query; content:"aridia.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3089, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for node3.b4el.ru"; dns.query; content:"node3.b4el.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3090, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.blackrandcrf.ru"; dns.query; content:"dns1.blackrandcrf.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3091, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.blurryface.ru"; dns.query; content:"ad.blurryface.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3092, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ch295.ru"; dns.query; content:"dns.ch295.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3093, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s2.d3mik.ru"; dns.query; content:"s2.d3mik.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3094, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d3vy.ru"; dns.query; content:"d3vy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3095, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dehb.ru"; dns.query; content:"adguard.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3096, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for audio.dehb.ru"; dns.query; content:"audio.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3097, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for contacts.dehb.ru"; dns.query; content:"contacts.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3098, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.dehb.ru"; dns.query; content:"nas.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3099, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for note.dehb.ru"; dns.query; content:"note.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3100, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surve.dehb.ru"; dns.query; content:"surve.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3101, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dehb.ru"; dns.query; content:"www.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3102, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.delitarus.ru"; dns.query; content:"dns.delitarus.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3103, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dierro.ru"; dns.query; content:"dns.dierro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3104, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-adguard.ru"; dns.query; content:"dns-adguard.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3105, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.engineer-lib.ru"; dns.query; content:"dns.engineer-lib.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3106, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fihch.ru"; dns.query; content:"adguard.fihch.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3107, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.geshido.ru"; dns.query; content:"vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3108, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roma.vpn.geshido.ru"; dns.query; content:"roma.vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3109, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for graveofhope.ru"; dns.query; content:"graveofhope.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3110, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.helpdesk38.ru"; dns.query; content:"adguard.helpdesk38.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3111, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.henek.ru"; dns.query; content:"dns.henek.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3112, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1552270.hosted-by-vdsina.ru"; dns.query; content:"v1552270.hosted-by-vdsina.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3113, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2552269.hosted-by-vdsina.ru"; dns.query; content:"v2552269.hosted-by-vdsina.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3114, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i-puppy.ru"; dns.query; content:"i-puppy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3115, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ec.i-puppy.ru"; dns.query; content:"ec.i-puppy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3116, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru.i-puppy.ru"; dns.query; content:"ru.i-puppy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3117, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fb.i81.ru"; dns.query; content:"fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3118, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fb.i81.ru"; dns.query; content:"dns.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3119, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hr.i81.ru"; dns.query; content:"hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3120, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.hr.i81.ru"; dns.query; content:"alisa.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3121, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.hr.i81.ru"; dns.query; content:"amigo.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3122, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hr.i81.ru"; dns.query; content:"dns.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3123, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filya.hr.i81.ru"; dns.query; content:"filya.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3124, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.hr.i81.ru"; dns.query; content:"igor.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3125, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.hr.i81.ru"; dns.query; content:"kotys.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3126, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.hr.i81.ru"; dns.query; content:"lena.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3127, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.hr.i81.ru"; dns.query; content:"luba.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3128, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.hr.i81.ru"; dns.query; content:"olga.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3129, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasya.hr.i81.ru"; dns.query; content:"vasya.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3130, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.hr.i81.ru"; dns.query; content:"vova.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3131, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.hr.i81.ru"; dns.query; content:"vovale.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3132, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win10virtual.hr.i81.ru"; dns.query; content:"win10virtual.hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3133, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.px.i81.ru"; dns.query; content:"amigo.px.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3134, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for derevnya.px.i81.ru"; dns.query; content:"derevnya.px.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3135, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.px.i81.ru"; dns.query; content:"home.px.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3136, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.vd.i81.ru"; dns.query; content:"alisa.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3137, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.vd.i81.ru"; dns.query; content:"amigo.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3138, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vd.i81.ru"; dns.query; content:"dns.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3139, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filya.vd.i81.ru"; dns.query; content:"filya.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3140, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.vd.i81.ru"; dns.query; content:"igor.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3141, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.vd.i81.ru"; dns.query; content:"kotys.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3142, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.vd.i81.ru"; dns.query; content:"lena.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3143, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.vd.i81.ru"; dns.query; content:"luba.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3144, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.vd.i81.ru"; dns.query; content:"olga.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3145, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasya.vd.i81.ru"; dns.query; content:"vasya.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3146, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.vd.i81.ru"; dns.query; content:"vova.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3147, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.vd.i81.ru"; dns.query; content:"vovale.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3148, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win10virtual.vd.i81.ru"; dns.query; content:"win10virtual.vd.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3149, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.i81.ru"; dns.query; content:"vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3150, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.vpn.i81.ru"; dns.query; content:"alisa.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3151, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.vpn.i81.ru"; dns.query; content:"amigo.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3152, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vpn.i81.ru"; dns.query; content:"dns.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3153, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filya.vpn.i81.ru"; dns.query; content:"filya.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3154, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.vpn.i81.ru"; dns.query; content:"igor.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3155, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.vpn.i81.ru"; dns.query; content:"kotys.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3156, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.vpn.i81.ru"; dns.query; content:"lena.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3157, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.vpn.i81.ru"; dns.query; content:"luba.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3158, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.vpn.i81.ru"; dns.query; content:"olga.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3159, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasya.vpn.i81.ru"; dns.query; content:"vasya.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3160, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.vpn.i81.ru"; dns.query; content:"vova.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3161, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.vpn.i81.ru"; dns.query; content:"vovale.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3162, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win10virtual.vpn.i81.ru"; dns.query; content:"win10virtual.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3163, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sec.iamninja.ru"; dns.query; content:"sec.iamninja.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3164, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for itlikehell.ru"; dns.query; content:"itlikehell.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3165, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itnetpass.ru"; dns.query; content:"dns.itnetpass.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3166, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fvpn.jarvishome.ru"; dns.query; content:"fvpn.jarvishome.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3167, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.jmarkin.ru"; dns.query; content:"vps.jmarkin.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3168, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.k-likhachev.ru"; dns.query; content:"adguard.k-likhachev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3169, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kirnet.ru"; dns.query; content:"kirnet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3170, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kocapb.ru"; dns.query; content:"kocapb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3171, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kondrcloud.ru"; dns.query; content:"www.kondrcloud.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3172, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kopcm.ru"; dns.query; content:"kopcm.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3173, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ksedns.ru"; dns.query; content:"ksedns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3174, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxy.landerbrauver.ru"; dns.query; content:"proxy.landerbrauver.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3175, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.lolg.ru"; dns.query; content:"a.lolg.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3176, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for malanser.ru"; dns.query; content:"malanser.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3177, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.malanser.ru"; dns.query; content:"dns.malanser.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3178, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mrzbcli.ru"; dns.query; content:"dns.mrzbcli.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3179, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bacer.msk.ru"; dns.query; content:"bacer.msk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3180, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mtsdns.ru"; dns.query; content:"mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3181, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.mtsdns.ru"; dns.query; content:"vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3182, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d1.vps.mtsdns.ru"; dns.query; content:"d1.vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3183, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d2.vps.mtsdns.ru"; dns.query; content:"d2.vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3184, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d3.vps.mtsdns.ru"; dns.query; content:"d3.vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3185, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d4.vps.mtsdns.ru"; dns.query; content:"d4.vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3186, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deti.vps.mtsdns.ru"; dns.query; content:"deti.vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3187, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vps.mtsdns.ru"; dns.query; content:"dns.vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3188, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.vps.mtsdns.ru"; dns.query; content:"home.vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3189, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ivan.vps.mtsdns.ru"; dns.query; content:"ivan.vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3190, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.vps.mtsdns.ru"; dns.query; content:"lena.vps.mtsdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3191, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nobodyhere.ru"; dns.query; content:"nobodyhere.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3192, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pastorov.ru"; dns.query; content:"dns.pastorov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3193, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wg.pastorov.ru"; dns.query; content:"wg.pastorov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3194, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.petqa.ru"; dns.query; content:"dns.petqa.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3195, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for door.plasmadancer.ru"; dns.query; content:"door.plasmadancer.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3196, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pukanuragan.ru"; dns.query; content:"pukanuragan.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3197, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for log.qrsoft.ru"; dns.query; content:"log.qrsoft.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3198, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wir.rbs-net.ru"; dns.query; content:"wir.rbs-net.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3199, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rfsoftdev.ru"; dns.query; content:"rfsoftdev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3200, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s1.rfsoftdev.ru"; dns.query; content:"s1.rfsoftdev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3201, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s2.rfsoftdev.ru"; dns.query; content:"s2.rfsoftdev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3202, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.rock-review.ru"; dns.query; content:"1.rock-review.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3203, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rshtkdn.ru"; dns.query; content:"dns.rshtkdn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3204, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.sakhwow.ru"; dns.query; content:"vpn.sakhwow.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3205, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdvizhkov.ru"; dns.query; content:"sdvizhkov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3206, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.serdcebolit.ru"; dns.query; content:"dns.serdcebolit.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3207, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.serdcebolit.ru"; dns.query; content:"dns1.serdcebolit.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3208, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.serverfox.ru"; dns.query; content:"dns.serverfox.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3209, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for signsservers.ru"; dns.query; content:"signsservers.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3210, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.soloanvill.ru"; dns.query; content:"adguard.soloanvill.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3211, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lomoff.spb.ru"; dns.query; content:"lomoff.spb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3212, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ssh-storage.ru"; dns.query; content:"ssh-storage.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3213, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ssh-storage.ru"; dns.query; content:"dot.ssh-storage.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3214, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.systemfall.ru"; dns.query; content:"ad.systemfall.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3215, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns0.tardishost.ru"; dns.query; content:"dns0.tardishost.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3216, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.tardishost.ru"; dns.query; content:"dns1.tardishost.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3217, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tigrons.ru"; dns.query; content:"tigrons.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3218, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.trifanov-online.ru"; dns.query; content:"dns.trifanov-online.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3219, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trovs.ru"; dns.query; content:"trovs.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3220, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.trovs.ru"; dns.query; content:"www.trovs.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3221, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rb750gr3.ulfhednar.ru"; dns.query; content:"rb750gr3.ulfhednar.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3222, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unvpn.ru"; dns.query; content:"dns.unvpn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3223, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasiliysoldatkin.ru"; dns.query; content:"vasiliysoldatkin.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3224, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vasiliysoldatkin.ru"; dns.query; content:"www.vasiliysoldatkin.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3225, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vectorsigma.ru"; dns.query; content:"dns.vectorsigma.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3226, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vk09.ru"; dns.query; content:"dns.vk09.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3227, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vladpro.ru"; dns.query; content:"vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3228, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vladpro.ru"; dns.query; content:"dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3229, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.vladpro.ru"; dns.query; content:"family.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3230, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for matvey.dns.vladpro.ru"; dns.query; content:"matvey.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3231, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nastya.dns.vladpro.ru"; dns.query; content:"nastya.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3232, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.dns.vladpro.ru"; dns.query; content:"noads.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3233, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vlad.dns.vladpro.ru"; dns.query; content:"vlad.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3234, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpndns.ru"; dns.query; content:"vpndns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3235, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x-busy.ru"; dns.query; content:"x-busy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3236, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xorlet.ru"; dns.query; content:"doh.xorlet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3237, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyz.doh.sb"; dns.query; content:"ca-yyz.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27993238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3238, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.doh.sb"; dns.query; content:"eu.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27993239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3239, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.doh.sb"; dns.query; content:"europe.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27993240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3240, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.baidu-zn.sbs"; dns.query; content:"adguard.baidu-zn.sbs"; nocase; fast_pattern; classtype:bad-unknown; sid:27993241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3241, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for m.myspace.sbs"; dns.query; content:"m.myspace.sbs"; nocase; fast_pattern; classtype:bad-unknown; sid:27993242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3242, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kokesh.se"; dns.query; content:"kokesh.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27993243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3243, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kokesh.se"; dns.query; content:"www.kokesh.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27993244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3244, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.netmasc.services"; dns.query; content:"adguard.netmasc.services"; nocase; fast_pattern; classtype:bad-unknown; sid:27993245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3245, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for volkens.services"; dns.query; content:"volkens.services"; nocase; fast_pattern; classtype:bad-unknown; sid:27993246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3246, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jaye.sh"; dns.query; content:"adguard.jaye.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27993247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3247, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asuswrt.jaye.sh"; dns.query; content:"asuswrt.jaye.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27993248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3248, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn-tw.teng.sh"; dns.query; content:"vpn-tw.teng.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27993249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3249, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ayasesayuki.shop"; dns.query; content:"ayasesayuki.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27993250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3250, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.adguard.marto.si"; dns.query; content:"www.adguard.marto.si"; nocase; fast_pattern; classtype:bad-unknown; sid:27993251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3251, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.doubleatech.site"; dns.query; content:"agh.doubleatech.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3252, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dxym.site"; dns.query; content:"www.dxym.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3253, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hayadns.site"; dns.query; content:"hayadns.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3254, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jcdn.site"; dns.query; content:"dns.jcdn.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3255, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mochou.site"; dns.query; content:"doh.mochou.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3256, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.paulopinto.site"; dns.query; content:"ad.paulopinto.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3257, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.redroot.site"; dns.query; content:"dns.redroot.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3258, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s1.s2.shahramv1.site"; dns.query; content:"s1.s2.shahramv1.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3259, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.srijan.site"; dns.query; content:"dns.srijan.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3260, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yuanmu.site"; dns.query; content:"dns.yuanmu.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3261, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.p3k.sk"; dns.query; content:"dns.p3k.sk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3262, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arashi.solutions"; dns.query; content:"arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3263, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.arashi.solutions"; dns.query; content:"adguard.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3264, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for invidious.arashi.solutions"; dns.query; content:"invidious.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3265, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mysterium.arashi.solutions"; dns.query; content:"mysterium.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3266, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s3.arashi.solutions"; dns.query; content:"s3.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3267, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s3-api.arashi.solutions"; dns.query; content:"s3-api.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3268, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm1.arashi.solutions"; dns.query; content:"vm1.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3269, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm2.arashi.solutions"; dns.query; content:"vm2.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3270, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wazuh.arashi.solutions"; dns.query; content:"wazuh.arashi.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3271, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lupine.solutions"; dns.query; content:"dns.lupine.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3272, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webteufel-it.solutions"; dns.query; content:"webteufel-it.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3273, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nyx.webteufel-it.solutions"; dns.query; content:"nyx.webteufel-it.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3274, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.0rz.space"; dns.query; content:"1.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3275, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.0rz.space"; dns.query; content:"2.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3276, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for isakula.space"; dns.query; content:"isakula.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3277, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns.jpr.space"; dns.query; content:"addns.jpr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3278, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kigurumi.space"; dns.query; content:"kigurumi.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3279, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kigurumi.space"; dns.query; content:"www.kigurumi.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3280, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.mmzs.space"; dns.query; content:"jp.mmzs.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3281, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pygos.space"; dns.query; content:"pygos.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3282, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for strangerandomdomain1.space"; dns.query; content:"strangerandomdomain1.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3283, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vegann.space"; dns.query; content:"adguard.vegann.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3284, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for node9.servernode.store"; dns.query; content:"node9.servernode.store"; nocase; fast_pattern; classtype:bad-unknown; sid:27993285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3285, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bigart.su"; dns.query; content:"bigart.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3286, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for non.profoxy.su"; dns.query; content:"non.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3287, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for android.non.profoxy.su"; dns.query; content:"android.non.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3288, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for browser.non.profoxy.su"; dns.query; content:"browser.non.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3289, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ios.non.profoxy.su"; dns.query; content:"ios.non.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3290, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ipv6.non.profoxy.su"; dns.query; content:"ipv6.non.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3291, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for router.non.profoxy.su"; dns.query; content:"router.non.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3292, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for windows.non.profoxy.su"; dns.query; content:"windows.non.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3293, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nonapi.profoxy.su"; dns.query; content:"nonapi.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3294, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nonapi2.profoxy.su"; dns.query; content:"nonapi2.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3295, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nonapi3.profoxy.su"; dns.query; content:"nonapi3.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3296, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nonrudns.profoxy.su"; dns.query; content:"nonrudns.profoxy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3297, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxy.srs.su"; dns.query; content:"proxy.srs.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3298, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stdev.su"; dns.query; content:"dns.stdev.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3299, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ztv.su"; dns.query; content:"ztv.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3300, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s6.dipper315.tech"; dns.query; content:"s6.dipper315.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3301, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.everdns.tech"; dns.query; content:"dns.everdns.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3302, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.felipefalcao.tech"; dns.query; content:"dns.felipefalcao.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3303, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hanniel.tech"; dns.query; content:"hanniel.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3304, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for knowvibe.tech"; dns.query; content:"knowvibe.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3305, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qdevs.tech"; dns.query; content:"dns.qdevs.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3306, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.romain.tech"; dns.query; content:"dns.romain.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3307, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdfasluqoiwuezcvcv.tech"; dns.query; content:"sdfasluqoiwuezcvcv.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3308, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beta.thegodfatheriam.tech"; dns.query; content:"beta.thegodfatheriam.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3309, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thegodfatheriam.tech"; dns.query; content:"dns.thegodfatheriam.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3310, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vmisch.tech"; dns.query; content:"dns.vmisch.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3311, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for voyage-s01.cloudku.technology"; dns.query; content:"voyage-s01.cloudku.technology"; nocase; fast_pattern; classtype:bad-unknown; sid:27993312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3312, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for voyage-s02.cloudku.technology"; dns.query; content:"voyage-s02.cloudku.technology"; nocase; fast_pattern; classtype:bad-unknown; sid:27993313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3313, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for moph.go.th"; dns.query; content:"moph.go.th"; nocase; fast_pattern; classtype:bad-unknown; sid:27993314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3314, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for host8.248.cloudhost.in.th"; dns.query; content:"host8.248.cloudhost.in.th"; nocase; fast_pattern; classtype:bad-unknown; sid:27993315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3315, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.us.moe.tips"; dns.query; content:"doh.us.moe.tips"; nocase; fast_pattern; classtype:bad-unknown; sid:27993316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3316, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.dns-over-https.tk"; dns.query; content:"i.dns-over-https.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3317, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for duyyen.tk"; dns.query; content:"duyyen.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3318, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kapoww.tk"; dns.query; content:"dns.kapoww.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3319, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.magic-pics.tk"; dns.query; content:"guard.magic-pics.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3320, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.readlook.tk"; dns.query; content:"dns.readlook.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3321, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.roadanywhere.tk"; dns.query; content:"i.roadanywhere.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3322, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.teqilla.tk"; dns.query; content:"ag.teqilla.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3323, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.taxiora.tn"; dns.query; content:"adguard.taxiora.tn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3324, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for e23a.uk.to"; dns.query; content:"e23a.uk.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27993325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3325, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nashi.us.to"; dns.query; content:"dns.nashi.us.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27993326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3326, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.downloadacar.today"; dns.query; content:"dns.downloadacar.today"; nocase; fast_pattern; classtype:bad-unknown; sid:27993327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3327, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1ee.top"; dns.query; content:"1ee.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3328, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.1ee.top"; dns.query; content:"www.1ee.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3329, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.51st.top"; dns.query; content:"adh.51st.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3330, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsjp.akali666.top"; dns.query; content:"dnsjp.akali666.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3331, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ayzu.top"; dns.query; content:"ayzu.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3332, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ccyykk.top"; dns.query; content:"ccyykk.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3333, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for changesmart2024.top"; dns.query; content:"changesmart2024.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3334, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cinicollerico.top"; dns.query; content:"adguard.cinicollerico.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3335, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssilo.top"; dns.query; content:"dnssilo.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3336, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doserver.top"; dns.query; content:"dns.doserver.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3337, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.fai001.top"; dns.query; content:"ad.fai001.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3338, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.gdie.top"; dns.query; content:"dns1.gdie.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3339, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for op.htyweb.top"; dns.query; content:"op.htyweb.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3340, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-us.ibmcloud.top"; dns.query; content:"dns-us.ibmcloud.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3341, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jimmyshjj.top"; dns.query; content:"jimmyshjj.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3342, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2024.laijy.top"; dns.query; content:"2024.laijy.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3343, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lboxtv.top"; dns.query; content:"lboxtv.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3344, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.lboxtv.top"; dns.query; content:"www.lboxtv.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3345, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.linlin00.top"; dns.query; content:"dns.linlin00.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3346, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an.loliconapp.top"; dns.query; content:"an.loliconapp.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3347, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ukns.milangas2.top"; dns.query; content:"ukns.milangas2.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3348, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.modsh.top"; dns.query; content:"dot.modsh.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3349, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mooncheng.top"; dns.query; content:"dns.mooncheng.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3350, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cattery.noddos.top"; dns.query; content:"cattery.noddos.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3351, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cattery2.noddos.top"; dns.query; content:"cattery2.noddos.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3352, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nothjoin.top"; dns.query; content:"nothjoin.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3353, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phucbui.top"; dns.query; content:"phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3354, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.phucbui.top"; dns.query; content:"dns.phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3355, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.phucbui.top"; dns.query; content:"home.phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3356, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seedboxhome.phucbui.top"; dns.query; content:"seedboxhome.phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3357, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.pyio.top"; dns.query; content:"ad.pyio.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3358, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serverhk.rannj.top"; dns.query; content:"serverhk.rannj.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3359, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sakuraknight2024.top"; dns.query; content:"sakuraknight2024.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3360, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.seekfor.top"; dns.query; content:"dns.seekfor.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3361, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for servis4u.top"; dns.query; content:"servis4u.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3362, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ymjx.shimmerl.top"; dns.query; content:"ymjx.shimmerl.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3363, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for speeddns.top"; dns.query; content:"speeddns.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3364, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s1.srch.top"; dns.query; content:"s1.srch.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3365, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.starlik.top"; dns.query; content:"dns.starlik.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3366, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.stoian.top"; dns.query; content:"adguard.stoian.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3367, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.taoday.top"; dns.query; content:"dns.taoday.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3368, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for terminalpower.top"; dns.query; content:"terminalpower.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3369, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.tgzazas.top"; dns.query; content:"a.tgzazas.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3370, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwh.why4free.top"; dns.query; content:"bwh.why4free.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3371, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.wiqi.top"; dns.query; content:"www.wiqi.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3372, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yingroad.top"; dns.query; content:"dns.yingroad.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3373, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yyaan.top"; dns.query; content:"dns.yyaan.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3374, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zhengkaiyun.top"; dns.query; content:"zhengkaiyun.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3375, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zulkas.top"; dns.query; content:"zulkas.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3376, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guardhome.fatihkuyuk.com.tr"; dns.query; content:"guardhome.fatihkuyuk.com.tr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3377, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.polatarasan.com.tr"; dns.query; content:"adguard.polatarasan.com.tr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3378, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.polatarasan.com.tr"; dns.query; content:"dns.polatarasan.com.tr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3379, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.demon-inc.tw"; dns.query; content:"dns.demon-inc.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3380, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atelier.alica.idv.tw"; dns.query; content:"atelier.alica.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3381, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cloud-chen.idv.tw"; dns.query; content:"adguard.cloud-chen.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3382, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cyliu.idv.tw"; dns.query; content:"cyliu.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3383, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dreamworker.idv.tw"; dns.query; content:"dns.dreamworker.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3384, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fc.idv.tw"; dns.query; content:"dns.fc.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3385, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.fc.idv.tw"; dns.query; content:"home.fc.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3386, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls.jackyhou.idv.tw"; dns.query; content:"tls.jackyhou.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3387, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qaz.tw"; dns.query; content:"qaz.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3388, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.yps.tw"; dns.query; content:"guard.yps.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3389, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.zhuyuan.tw"; dns.query; content:"dot.zhuyuan.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3390, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for host94.rheingold.com.ua"; dns.query; content:"host94.rheingold.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3391, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azuretest.adgsrv.pp.ua"; dns.query; content:"azuretest.adgsrv.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3392, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-server.pp.ua"; dns.query; content:"adguard-server.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3393, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.alpo.pp.ua"; dns.query; content:"2.alpo.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3394, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for angry.pp.ua"; dns.query; content:"angry.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3395, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gauss.pp.ua"; dns.query; content:"gauss.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3396, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gruppo.pp.ua"; dns.query; content:"gruppo.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3397, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.pp.ua"; dns.query; content:"guard.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3398, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pad3w.pp.ua"; dns.query; content:"pad3w.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3399, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pans.pp.ua"; dns.query; content:"dns.pans.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3400, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for reskah.pp.ua"; dns.query; content:"reskah.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3401, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.sdu.pp.ua"; dns.query; content:"dns01.sdu.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3402, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for senpai.pp.ua"; dns.query; content:"senpai.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3403, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syre.pp.ua"; dns.query; content:"syre.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3404, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xxxxxxxx.pp.ua"; dns.query; content:"dns.xxxxxxxx.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3405, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.airmaxcloud.uk"; dns.query; content:"dns.airmaxcloud.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3406, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anhphamhn82.uk"; dns.query; content:"anhphamhn82.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3407, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.camn.uk"; dns.query; content:"adguard.camn.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3408, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chaosen3.co.uk"; dns.query; content:"dns.chaosen3.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3409, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.discounthost.co.uk"; dns.query; content:"adguard.discounthost.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3410, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsadguard.co.uk"; dns.query; content:"dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3411, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnsadguard.co.uk"; dns.query; content:"dns.dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3412, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.lumusimc.co.uk"; dns.query; content:"guard.lumusimc.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3413, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.macrosolutionsltd.co.uk"; dns.query; content:"adguard.macrosolutionsltd.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3414, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.norvrandt.co.uk"; dns.query; content:"home.norvrandt.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3415, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nzxti5.co.uk"; dns.query; content:"dns.nzxti5.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3416, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.understandingcyber.co.uk"; dns.query; content:"dns1.understandingcyber.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3417, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.walshnet.co.uk"; dns.query; content:"dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3418, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for augne.dns.walshnet.co.uk"; dns.query; content:"augne.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3419, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aviemore.dns.walshnet.co.uk"; dns.query; content:"aviemore.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3420, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bev.dns.walshnet.co.uk"; dns.query; content:"bev.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3421, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dugout.dns.walshnet.co.uk"; dns.query; content:"dugout.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3422, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eamonn.dns.walshnet.co.uk"; dns.query; content:"eamonn.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3423, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eoin.dns.walshnet.co.uk"; dns.query; content:"eoin.dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3424, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.goshawk22.uk"; dns.query; content:"dns.goshawk22.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3425, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for admin.homedns.uk"; dns.query; content:"admin.homedns.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3426, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hwtwco.uk"; dns.query; content:"dns.hwtwco.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3427, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maherhost.uk"; dns.query; content:"maherhost.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3428, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.marcbond.uk"; dns.query; content:"dns.marcbond.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3429, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mysuperspace.uk"; dns.query; content:"mysuperspace.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3430, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for teslacoils.org.uk"; dns.query; content:"teslacoils.org.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3431, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.plaawan.uk"; dns.query; content:"doh.plaawan.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3432, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ple91.uk"; dns.query; content:"dns.ple91.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3433, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zetland.rm-ni.uk"; dns.query; content:"zetland.rm-ni.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3434, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.sdestru.uk"; dns.query; content:"www.sdestru.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3435, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.taxiway.uk"; dns.query; content:"dns.taxiway.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3436, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dus.ysbs.uk"; dns.query; content:"dus.ysbs.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3437, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.zhongbr.uk"; dns.query; content:"doh.zhongbr.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3438, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsfilter.domotik.us"; dns.query; content:"dnsfilter.domotik.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3439, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.epaphrodit.us"; dns.query; content:"doh.epaphrodit.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3440, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.exitstat.us"; dns.query; content:"dns.exitstat.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3441, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fredic.us"; dns.query; content:"fredic.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3442, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ds1.fredic.us"; dns.query; content:"ds1.fredic.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3443, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.palvikt.us"; dns.query; content:"ns.palvikt.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3444, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ro0t.us"; dns.query; content:"adguard.ro0t.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3445, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.timkevin.us"; dns.query; content:"dns.timkevin.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3446, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.56k.uy"; dns.query; content:"dns.56k.uy"; nocase; fast_pattern; classtype:bad-unknown; sid:27993447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3447, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nicolas.vip"; dns.query; content:"dns.nicolas.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27993448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3448, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.qingmo.vip"; dns.query; content:"www.qingmo.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27993449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3449, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.amber.edu.vn"; dns.query; content:"agh.amber.edu.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3450, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homita.id.vn"; dns.query; content:"homita.id.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3451, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.realldz.id.vn"; dns.query; content:"home.realldz.id.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3452, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rini.id.vn"; dns.query; content:"rini.id.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3453, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hoavan.io.vn"; dns.query; content:"hoavan.io.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3454, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.xiaolingg.io.vn"; dns.query; content:"adguard.xiaolingg.io.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3455, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chungocoai.name.vn"; dns.query; content:"chungocoai.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3456, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tokyodns.songnguyen.name.vn"; dns.query; content:"tokyodns.songnguyen.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3457, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tran.net.vn"; dns.query; content:"tran.net.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3458, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vietdns.vn"; dns.query; content:"dns.vietdns.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3459, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for larkin.wang"; dns.query; content:"larkin.wang"; nocase; fast_pattern; classtype:bad-unknown; sid:27993460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3460, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x.res.wang"; dns.query; content:"x.res.wang"; nocase; fast_pattern; classtype:bad-unknown; sid:27993461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3461, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wns.watch"; dns.query; content:"dns.wns.watch"; nocase; fast_pattern; classtype:bad-unknown; sid:27993462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3462, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsbk.wns.watch"; dns.query; content:"dnsbk.wns.watch"; nocase; fast_pattern; classtype:bad-unknown; sid:27993463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3463, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for minami.website"; dns.query; content:"minami.website"; nocase; fast_pattern; classtype:bad-unknown; sid:27993464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3464, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.urology.wiki"; dns.query; content:"www.urology.wiki"; nocase; fast_pattern; classtype:bad-unknown; sid:27993465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3465, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for st.flyzhouyc.win"; dns.query; content:"st.flyzhouyc.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27993466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3466, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dla.ray0512.win"; dns.query; content:"dla.ray0512.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27993467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3467, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sshub.win"; dns.query; content:"dns.sshub.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27993468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3468, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dr.jp.sslbb.win"; dns.query; content:"dr.jp.sslbb.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27993469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3469, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.superstefan.win"; dns.query; content:"adguard.superstefan.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27993470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3470, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-119.cattery.work"; dns.query; content:"sg-119.cattery.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27993471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3471, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ord.chriswang.work"; dns.query; content:"dns.ord.chriswang.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27993472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3472, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.e7.work"; dns.query; content:"doh.e7.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27993473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3473, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mayr.ws"; dns.query; content:"dns.mayr.ws"; nocase; fast_pattern; classtype:bad-unknown; sid:27993474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3474, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl.adg.ghostzone.wtf"; dns.query; content:"nl.adg.ghostzone.wtf"; nocase; fast_pattern; classtype:bad-unknown; sid:27993475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3475, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xn--80aecoigf4aatn.xn--p1ai"; dns.query; content:"xn--80aecoigf4aatn.xn--p1ai"; nocase; fast_pattern; classtype:bad-unknown; sid:27993476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3476, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ss.0001.xyz"; dns.query; content:"ss.0001.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3477, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.010812.xyz"; dns.query; content:"dns.010812.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3478, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.080590.xyz"; dns.query; content:"dns.080590.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3479, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp2.101818.xyz"; dns.query; content:"jp2.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3480, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.101818.xyz"; dns.query; content:"sg.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3481, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 15101844.xyz"; dns.query; content:"15101844.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3482, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.19790307.xyz"; dns.query; content:"vps.19790307.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3483, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adhome.2011101.xyz"; dns.query; content:"adhome.2011101.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3484, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 220913.xyz"; dns.query; content:"220913.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3485, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsjp.3300000.xyz"; dns.query; content:"dnsjp.3300000.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3486, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnstr.3300000.xyz"; dns.query; content:"dnstr.3300000.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3487, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnstw.3300000.xyz"; dns.query; content:"dnstw.3300000.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3488, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsyg.3300000.xyz"; dns.query; content:"dnsyg.3300000.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3489, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.344556.xyz"; dns.query; content:"ad.344556.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3490, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xjpdns.354688.xyz"; dns.query; content:"xjpdns.354688.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3491, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pro.362878.xyz"; dns.query; content:"pro.362878.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3492, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.546413.xyz"; dns.query; content:"adguard2.546413.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3493, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwg.559299366.xyz"; dns.query; content:"bwg.559299366.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3494, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.559299366.xyz"; dns.query; content:"hk.559299366.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3495, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.559299366.xyz"; dns.query; content:"jp.559299366.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3496, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgd.559299366.xyz"; dns.query; content:"sgd.559299366.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3497, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tokyo.559299366.xyz"; dns.query; content:"tokyo.559299366.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3498, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.559299366.xyz"; dns.query; content:"vps.559299366.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3499, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.710523.xyz"; dns.query; content:"agh.710523.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3500, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for f.761761.xyz"; dns.query; content:"f.761761.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3501, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.800801.xyz"; dns.query; content:"ad.800801.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3502, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 39g.8610099.xyz"; dns.query; content:"39g.8610099.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3503, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 959818.xyz"; dns.query; content:"959818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3504, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpok.996333.xyz"; dns.query; content:"jpok.996333.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3505, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cld.996969.xyz"; dns.query; content:"cld.996969.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3506, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andrewnw.xyz"; dns.query; content:"andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3507, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for git.andrewnw.xyz"; dns.query; content:"git.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3508, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.andrewnw.xyz"; dns.query; content:"mail.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3509, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.andrewnw.xyz"; dns.query; content:"www.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3510, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anduong.xyz"; dns.query; content:"anduong.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3511, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atws2425.xyz"; dns.query; content:"atws2425.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3512, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bluedns.xyz"; dns.query; content:"bluedns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3513, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.chanhome.xyz"; dns.query; content:"adguard.chanhome.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3514, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alpha.cixy.xyz"; dns.query; content:"alpha.cixy.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3515, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for connectix.xyz"; dns.query; content:"connectix.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3516, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-jp0.cyhsu.xyz"; dns.query; content:"dns-jp0.cyhsu.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3517, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.doh.xyz"; dns.query; content:"www.doh.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3518, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.elashri.xyz"; dns.query; content:"adguard.elashri.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3519, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.eximpius.xyz"; dns.query; content:"adguard.eximpius.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3520, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agent.frankutils.xyz"; dns.query; content:"agent.frankutils.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3521, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fuliming.xyz"; dns.query; content:"fuliming.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3522, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.gosami.xyz"; dns.query; content:"vpn.gosami.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3523, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hgzwy.xyz"; dns.query; content:"hgzwy.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3524, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2-1.huwenqiang.xyz"; dns.query; content:"v2-1.huwenqiang.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3525, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for j10.i88.xyz"; dns.query; content:"j10.i88.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3526, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for go.icoding168.xyz"; dns.query; content:"go.icoding168.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3527, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ime-ingenierias.xyz"; dns.query; content:"ime-ingenierias.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3528, updated_at 2024_11_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itya.xyz"; dns.query; content:"dns.itya.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3529, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jelebruh.xyz"; dns.query; content:"dns.jelebruh.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3530, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kitakitsune.xyz"; dns.query; content:"adguard.kitakitsune.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3531, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kritsa0.xyz"; dns.query; content:"dns.kritsa0.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3532, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tr.league1.xyz"; dns.query; content:"tr.league1.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3533, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.libost.xyz"; dns.query; content:"dns.libost.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3534, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lifeym.xyz"; dns.query; content:"dns.lifeym.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3535, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mmzs.xyz"; dns.query; content:"dns.mmzs.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3536, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nickcan.xyz"; dns.query; content:"nickcan.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3537, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.noroba.xyz"; dns.query; content:"dns.noroba.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3538, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for irgrdns.nullapp.xyz"; dns.query; content:"irgrdns.nullapp.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3539, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for paskam.xyz"; dns.query; content:"paskam.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3540, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pingbi.xyz"; dns.query; content:"pingbi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3541, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.pingbi.xyz"; dns.query; content:"www.pingbi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3542, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pmoebi.xyz"; dns.query; content:"adguard.pmoebi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3543, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.postoverall.xyz"; dns.query; content:"ns.postoverall.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3544, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aws.razor1911.xyz"; dns.query; content:"aws.razor1911.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3545, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azure.razor1911.xyz"; dns.query; content:"azure.razor1911.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3546, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.rizalagustian.xyz"; dns.query; content:"adg.rizalagustian.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3547, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sainternet.xyz"; dns.query; content:"dns.sainternet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3548, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.servernation.xyz"; dns.query; content:"adguard.servernation.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3549, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.swh123.xyz"; dns.query; content:"adg.swh123.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3550, updated_at 2024_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thakkali.teej.xyz"; dns.query; content:"thakkali.teej.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3551, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for killads.vpms.xyz"; dns.query; content:"killads.vpms.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3552, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.x88x.xyz"; dns.query; content:"adguard.x88x.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3553, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.yuki2th.xyz"; dns.query; content:"adguard.yuki2th.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3554, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.zettawize.xyz"; dns.query; content:"dns1.zettawize.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3555, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns1.zettawize.xyz"; dns.query; content:"www.dns1.zettawize.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3556, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.datamatter.co.za"; dns.query; content:"adg.datamatter.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3557, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gn-z11.franscois.co.za"; dns.query; content:"gn-z11.franscois.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3558, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nerdytechgeeks.co.za"; dns.query; content:"dns.nerdytechgeeks.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3559, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns01.nerdytechgeeks.co.za"; dns.query; content:"ns01.nerdytechgeeks.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3560, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns02.nerdytechgeeks.co.za"; dns.query; content:"ns02.nerdytechgeeks.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3561, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns03.nerdytechgeeks.co.za"; dns.query; content:"ns03.nerdytechgeeks.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3562, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neatdns.ustclug.org"; dns.query; content:"neatdns.ustclug.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3563, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for berd.moe"; dns.query; content:"berd.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27993564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3564, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ipv6dns.com"; dns.query; content:"dns.ipv6dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3565, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.vvvglass.com"; dns.query; content:"a.vvvglass.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3566, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a-bld.sys-adm.in"; dns.query; content:"a-bld.sys-adm.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3567, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bld.sys-adm.in"; dns.query; content:"bld.sys-adm.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3568, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chewbacca.meganerd.nl"; dns.query; content:"chewbacca.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3569, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.melalandia.tk"; dns.query; content:"dns.melalandia.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3570, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wevpn.com"; dns.query; content:"dns.wevpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3571, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsenc.com"; dns.query; content:"dnsenc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3572, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-weblock.wevpn.com"; dns.query; content:"dns-weblock.wevpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3573, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iris.woozeno.eu"; dns.query; content:"iris.woozeno.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3574, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for irre.li"; dns.query; content:"irre.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27993575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3575, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nebula.tru.io"; dns.query; content:"nebula.tru.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27993576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3576, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.i-evolve.net"; dns.query; content:"ns1.i-evolve.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3577, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hshh.org"; dns.query; content:"ns2.hshh.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3578, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for puredns.org"; dns.query; content:"puredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3579, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sby-doh.limotelu.org"; dns.query; content:"sby-doh.limotelu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3580, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1and1-dns.de"; dns.query; content:"1and1-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3581, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 233py.com"; dns.query; content:"233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3582, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alidns.51top.info"; dns.query; content:"alidns.51top.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3583, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.au.ahadns.net"; dns.query; content:"dot.au.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3584, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitz-setup.ahadns.com"; dns.query; content:"blitz-setup.ahadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3585, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alidns.com"; dns.query; content:"alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3586, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.alidns.com"; dns.query; content:"doh.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3587, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.alidns.com"; dns.query; content:"doh1.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3588, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public.alidns.com"; dns.query; content:"public.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3589, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public2.alidns.com"; dns.query; content:"public2.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3590, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public254.alidns.com"; dns.query; content:"public254.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3591, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public99.alidns.com"; dns.query; content:"public99.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3592, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-api.fe2.apple-dns.net"; dns.query; content:"mask-api.fe2.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3593, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask.apple-dns.net"; dns.query; content:"mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3594, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apple-relay.mask.apple-dns.net"; dns.query; content:"apple-relay.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3595, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ausyd2.mask.apple-dns.net"; dns.query; content:"ausyd2.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3596, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for canary.mask.apple-dns.net"; dns.query; content:"canary.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3597, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deber3.mask.apple-dns.net"; dns.query; content:"deber3.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3598, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gbslo5.mask.apple-dns.net"; dns.query; content:"gbslo5.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3599, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jptyo12.mask.apple-dns.net"; dns.query; content:"jptyo12.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3600, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nlhfd1.mask.apple-dns.net"; dns.query; content:"nlhfd1.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3601, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sesto4.mask.apple-dns.net"; dns.query; content:"sesto4.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3602, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for twntc1.mask.apple-dns.net"; dns.query; content:"twntc1.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3603, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usatl5.mask.apple-dns.net"; dns.query; content:"usatl5.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3604, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uschi7.mask.apple-dns.net"; dns.query; content:"uschi7.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3605, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usmsc2.mask.apple-dns.net"; dns.query; content:"usmsc2.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3606, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usqas5.mask.apple-dns.net"; dns.query; content:"usqas5.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3607, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usuyk1.mask.apple-dns.net"; dns.query; content:"usuyk1.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3608, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for africa-mask.wrr.mask.apple-dns.net"; dns.query; content:"africa-mask.wrr.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3609, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apac-mask.wrr.mask.apple-dns.net"; dns.query; content:"apac-mask.wrr.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3610, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for emea-mask.wrr.mask.apple-dns.net"; dns.query; content:"emea-mask.wrr.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3611, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for north-america-mask.wrr.mask.apple-dns.net"; dns.query; content:"north-america-mask.wrr.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3612, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oceania-mask.wrr.mask.apple-dns.net"; dns.query; content:"oceania-mask.wrr.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3613, updated_at 2025_01_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for south-america-mask.wrr.mask.apple-dns.net"; dns.query; content:"south-america-mask.wrr.mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3614, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot1.appliedprivacy.net"; dns.query; content:"dot1.appliedprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3615, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for africa.avastdns.com"; dns.query; content:"africa.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3616, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ore-dns.bitdefender.net"; dns.query; content:"ore-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3617, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.blahdns.com"; dns.query; content:"2.dnscrypt-cert.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3618, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.blaze-sk.ru"; dns.query; content:"dns.blaze-sk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3619, updated_at 2025_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for example.doh.blockerdns.com"; dns.query; content:"example.doh.blockerdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3620, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c-dns.com"; dns.query; content:"c-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3621, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.captnemo.in"; dns.query; content:"2.dnscrypt-cert.captnemo.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3622, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for catdns.org"; dns.query; content:"catdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3623, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alidns.cb1999.top"; dns.query; content:"alidns.cb1999.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3624, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alidns2.cb1999.top"; dns.query; content:"alidns2.cb1999.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3625, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for api.cloudflareclient.com"; dns.query; content:"api.cloudflareclient.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3626, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflareresolve.com"; dns.query; content:"cloudflareresolve.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3627, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.hostme.co.il"; dns.query; content:"ag.hostme.co.il"; nocase; fast_pattern; classtype:bad-unknown; sid:27993628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3628, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh.crypto.sx"; dns.query; content:"odoh.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27993629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3629, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dltuykfgp.top"; dns.query; content:"dltuykfgp.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3630, updated_at 2025_05_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.shield-2.dnsbycomodo.com"; dns.query; content:"2.dnscrypt-cert.shield-2.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3631, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-doh-no-safe-search.dnsforfamily.com"; dns.query; content:"dns-doh-no-safe-search.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3632, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.asia.dnswarden.com"; dns.query; content:"doh.asia.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3633, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eu.dnswarden.com"; dns.query; content:"doh.eu.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3634, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr1.dnswarden.com"; dns.query; content:"fr1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3635, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg1.dnswarden.com"; dns.query; content:"sg1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3636, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.us.dnswarden.com"; dns.query; content:"doh.us.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3637, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.ffmuc.net"; dns.query; content:"2.dnscrypt-cert.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3638, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gclouddns.com"; dns.query; content:"gclouddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3639, updated_at 2025_04_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-boot.icloud.com"; dns.query; content:"mask-boot.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3640, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-canary.icloud.com"; dns.query; content:"mask-canary.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3641, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.imchristian.de"; dns.query; content:"dns.imchristian.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3642, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iot-dns.com"; dns.query; content:"iot-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3643, updated_at 2024_12_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for diy.itsa.top"; dns.query; content:"diy.itsa.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3644, updated_at 2024_11_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.londonwebnerd.cloud"; dns.query; content:"adguard.londonwebnerd.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3645, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mandre.dev"; dns.query; content:"dns.mandre.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3646, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.muxyuji.ru"; dns.query; content:"www.muxyuji.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3647, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.quydang.name.vn"; dns.query; content:"adguard.quydang.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3648, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edge.nextdns.io"; dns.query; content:"edge.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27993649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3649, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.notjakob.com"; dns.query; content:"dns.notjakob.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3650, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.opendns.com"; dns.query; content:"2.dnscrypt-cert.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3651, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-ovh.panszelescik.pl"; dns.query; content:"dns-ovh.panszelescik.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3652, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.westeu.pi-dns.com"; dns.query; content:"doh.westeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3653, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for publicdnsserver.com"; dns.query; content:"publicdnsserver.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3654, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.quad9.net"; dns.query; content:"2.dnscrypt-cert.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3655, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rethinkdns.com"; dns.query; content:"rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3656, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au.rslvr.eu"; dns.query; content:"au.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3657, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bg.rslvr.eu"; dns.query; content:"bg.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3658, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.rslvr.eu"; dns.query; content:"hk.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3659, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.rslvr.eu"; dns.query; content:"jp.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3660, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl.rslvr.eu"; dns.query; content:"nl.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3661, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.rslvr.eu"; dns.query; content:"sg.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3662, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.rslvr.eu"; dns.query; content:"us.rslvr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3663, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sealyserver.com"; dns.query; content:"adguard.sealyserver.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3664, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sitdns.com"; dns.query; content:"sitdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3665, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.t-ipnet.de"; dns.query; content:"dns.t-ipnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3666, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tryk.app"; dns.query; content:"dns.tryk.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27993667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3667, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unasw.eu"; dns.query; content:"unasw.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3668, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensoreddns.org"; dns.query; content:"uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3669, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.this.web.id"; dns.query; content:"doh.this.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3670, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wechat.com"; dns.query; content:"dns.wechat.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3671, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.browser.yandex.net"; dns.query; content:"2.dnscrypt-cert.browser.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3672, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.yandex.ru"; dns.query; content:"family.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3673, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secondary.family.dns.yandex.ru"; dns.query; content:"secondary.family.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3674, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secondary.dns.yandex.ru"; dns.query; content:"secondary.dns.yandex.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3675, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zburger.top"; dns.query; content:"zburger.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3676, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zfsystem.tech"; dns.query; content:"dns.zfsystem.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3677, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aattwwss.duckdns.org"; dns.query; content:"aattwwss.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3678, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaytorr.com"; dns.query; content:"dns.aaytorr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3679, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardh.ga"; dns.query; content:"adguardh.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3680, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.adrianion.eu"; dns.query; content:"dns1.adrianion.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3681, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.afastserver.com"; dns.query; content:"dns2.afastserver.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3682, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aihe.app"; dns.query; content:"aihe.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27993683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3683, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for airmaxcloud.ml"; dns.query; content:"airmaxcloud.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3684, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdjdns.ajraspi.xyz"; dns.query; content:"rdjdns.ajraspi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3685, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ambiya.net"; dns.query; content:"adguard.ambiya.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3686, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.amigo-mgn.ru"; dns.query; content:"dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3687, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.anir0y.in"; dns.query; content:"dot.anir0y.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3688, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anixlab.com"; dns.query; content:"anixlab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3689, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for axaxa.fun"; dns.query; content:"axaxa.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27993690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3690, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.azcom.dev"; dns.query; content:"dns.azcom.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3691, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bcandrade.ml"; dns.query; content:"bcandrade.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3692, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.beliefanx.cn"; dns.query; content:"adguard.beliefanx.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3693, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.benpro.fr"; dns.query; content:"dns.benpro.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3694, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.bielperes.me"; dns.query; content:"mydns.bielperes.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3695, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goga7777777.bissnes.org"; dns.query; content:"goga7777777.bissnes.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3696, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.bitteeinbyte.de"; dns.query; content:"adguard.bitteeinbyte.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3697, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bluemeda.cf"; dns.query; content:"dns.bluemeda.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27993698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3698, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brian-hong.tech"; dns.query; content:"dns.brian-hong.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3699, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdzopi.duckdns.org"; dns.query; content:"cdzopi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3700, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cintra.ml"; dns.query; content:"cintra.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3701, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cvt-ic-us-adns-001.clearviewtechnology.net"; dns.query; content:"cvt-ic-us-adns-001.clearviewtechnology.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3702, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-secondary.cloudnx.cloud"; dns.query; content:"dns-secondary.cloudnx.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3703, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.comeonjames.club"; dns.query; content:"dns.comeonjames.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27993704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3704, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cossxiu.ga"; dns.query; content:"cossxiu.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3705, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dtness.com"; dns.query; content:"adguard.dtness.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3706, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dessoi.cloud"; dns.query; content:"adguard.dessoi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3707, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dgca.myds.me"; dns.query; content:"dgca.myds.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3708, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.dns.ikataruto.com"; dns.query; content:"jp.dns.ikataruto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3709, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apne1.dns.terumi.club"; dns.query; content:"apne1.dns.terumi.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27993710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3710, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns9999.duckdns.org"; dns.query; content:"dns9999.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3711, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-tr.dnsflex.com"; dns.query; content:"doh-lb-tr.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3712, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.druta.me"; dns.query; content:"dns.druta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3713, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dutchwhite.nl"; dns.query; content:"dns.dutchwhite.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3714, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.elshad-adgh-dns.ru"; dns.query; content:"www.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3715, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eweyo.duckdns.org"; dns.query; content:"eweyo.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3716, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvps.familiamv.ml"; dns.query; content:"dnsvps.familiamv.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3717, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.familiamichels.com.br"; dns.query; content:"dns.familiamichels.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27993718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3718, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.faze.dev"; dns.query; content:"dns.faze.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3719, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for felipefalcao.me"; dns.query; content:"felipefalcao.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3720, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for findmethedns.info"; dns.query; content:"findmethedns.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3721, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.firestrike-services.de"; dns.query; content:"adguard.firestrike-services.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3722, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mipauns.com"; dns.query; content:"dns.mipauns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3723, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.frece.de"; dns.query; content:"adguard.frece.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3724, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gbrossi.com.br"; dns.query; content:"adguard.gbrossi.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27993725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3725, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ggrbb.xyz"; dns.query; content:"www.ggrbb.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3726, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for groupy.ga"; dns.query; content:"groupy.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3727, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hafidzradhival.my.id"; dns.query; content:"dns.hafidzradhival.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3728, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.haoxuan.xyz"; dns.query; content:"dns.haoxuan.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3729, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hgns.harriganhome.ga"; dns.query; content:"hgns.harriganhome.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3730, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad1.heronet.nl"; dns.query; content:"ad1.heronet.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3731, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.dlinkddns.com"; dns.query; content:"home.dlinkddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3732, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muc-ns01.ibytex.systems"; dns.query; content:"muc-ns01.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27993733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3733, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for premiumtier-network.instadart.net"; dns.query; content:"premiumtier-network.instadart.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3734, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for intertop.link"; dns.query; content:"intertop.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27993735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3735, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.invisv.com"; dns.query; content:"dns.invisv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3736, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itdept.pro"; dns.query; content:"dns.itdept.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3737, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.pigs.eu.org"; dns.query; content:"kr.pigs.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3738, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.josephyap.me"; dns.query; content:"adguard.josephyap.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3739, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jpjb.net"; dns.query; content:"adguard.jpjb.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3740, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jucker.engineering"; dns.query; content:"dns.jucker.engineering"; nocase; fast_pattern; classtype:bad-unknown; sid:27993741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3741, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.kano.sh"; dns.query; content:"jp.kano.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27993742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3742, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for karimdns.com"; dns.query; content:"karimdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3743, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kennethhuang.com"; dns.query; content:"kennethhuang.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3744, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.korks.tk"; dns.query; content:"adguard.korks.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3745, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kswro.web.id"; dns.query; content:"kswro.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3746, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safe.kswro.web.id"; dns.query; content:"safe.kswro.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3747, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for externalmobiel.lekdijk.online"; dns.query; content:"externalmobiel.lekdijk.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27993748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3748, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lspcr.space"; dns.query; content:"adguard.lspcr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3749, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lujiacai.top"; dns.query; content:"doh.lujiacai.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3750, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsserver.mailchan.eu"; dns.query; content:"dnsserver.mailchan.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3751, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.malwarelul.download"; dns.query; content:"dns.malwarelul.download"; nocase; fast_pattern; classtype:bad-unknown; sid:27993752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3752, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mgiptvpro.ml"; dns.query; content:"dns.mgiptvpro.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3753, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.truong.fi"; dns.query; content:"dns.truong.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27993754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3754, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mokocup.cf"; dns.query; content:"adguard.mokocup.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27993755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3755, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moog.sh"; dns.query; content:"dns.moog.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27993756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3756, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n-wan.dynv6.net"; dns.query; content:"n-wan.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3757, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ninny.duckdns.org"; dns.query; content:"ninny.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3758, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.opnsource.com.au"; dns.query; content:"dns.opnsource.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27993759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3759, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thanos.pleumkungz.com"; dns.query; content:"thanos.pleumkungz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3760, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privilab.net"; dns.query; content:"dns.privilab.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3761, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.ssrahul96.xyz"; dns.query; content:"ag.ssrahul96.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3762, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.randomaizer.lentel.ru"; dns.query; content:"adguard.randomaizer.lentel.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3763, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.richardapplegate.io"; dns.query; content:"adguard.richardapplegate.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27993764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3764, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rjmva.com"; dns.query; content:"rjmva.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3765, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.rouga.ch"; dns.query; content:"adguard-dns.rouga.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27993766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3766, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sagutxustech.com"; dns.query; content:"sagutxustech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3767, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgpcloud.duckdns.org"; dns.query; content:"sgpcloud.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3768, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lsho.top"; dns.query; content:"dns.lsho.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3769, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.siry.de"; dns.query; content:"dns.siry.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3770, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stvsk.ml"; dns.query; content:"dns.stvsk.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3771, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surfshark.com"; dns.query; content:"dns.surfshark.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3772, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surt.ml"; dns.query; content:"surt.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3773, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.techcpu.net"; dns.query; content:"dns.techcpu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3774, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tk31z.com"; dns.query; content:"tk31z.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3775, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for toaster.lol"; dns.query; content:"toaster.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27993776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3776, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.apigw.online"; dns.query; content:"dns.apigw.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27993777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3777, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-east.tylerwahl.com"; dns.query; content:"dns-east.tylerwahl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3778, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unixfox.duckdns.org"; dns.query; content:"unixfox.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3779, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securedns.vendorvista.xyz"; dns.query; content:"securedns.vendorvista.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3780, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpservice.cf"; dns.query; content:"vpservice.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27993781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3781, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vvmm.me"; dns.query; content:"vvmm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3782, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.vietdns.vn"; dns.query; content:"kids.vietdns.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3783, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wakgood.net"; dns.query; content:"dns.wakgood.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3784, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x-o-x.duckdns.org"; dns.query; content:"x-o-x.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3785, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.x88.in"; dns.query; content:"ads.x88.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3786, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xthwo.duckdns.org"; dns.query; content:"xthwo.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3787, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lion.yazilimatolye.com"; dns.query; content:"lion.yazilimatolye.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3788, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.ga"; dns.query; content:"ychen.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27993789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3789, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.youni.win"; dns.query; content:"dns.youni.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27993790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3790, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.1899.com.mx"; dns.query; content:"ns1.1899.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27993791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3791, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.1899.com.mx"; dns.query; content:"ns2.1899.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27993792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3792, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t2c.240130034.xyz"; dns.query; content:"t2c.240130034.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3793, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n.3363.net"; dns.query; content:"n.3363.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3794, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.5ososea.com"; dns.query; content:"dns.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3795, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.68360612.xyz"; dns.query; content:"jp.68360612.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3796, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.marcrnt.de"; dns.query; content:"home.marcrnt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3797, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudbenders.fun"; dns.query; content:"cloudbenders.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27993798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3798, updated_at 2024_12_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lewsha.lol"; dns.query; content:"lewsha.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27993799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3799, updated_at 2024_12_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mbrjun.cn"; dns.query; content:"dns.mbrjun.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3800, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-random-upstream.nicolas-dorriere.fr"; dns.query; content:"doh-random-upstream.nicolas-dorriere.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3801, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-own-recursion.nicolas-dorriere.fr"; dns.query; content:"doh-own-recursion.nicolas-dorriere.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3802, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.tri-dns.net"; dns.query; content:"eu.tri-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3803, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for greatideasforlife.lol"; dns.query; content:"greatideasforlife.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27993804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3804, updated_at 2024_11_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflaredns.com"; dns.query; content:"cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3805, updated_at 2025_05_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bne01.dnscry.pt"; dns.query; content:"bne01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3806, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lis01.dnscry.pt"; dns.query; content:"lis01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3807, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sitha-is.so-gorgeo.us.kg"; dns.query; content:"sitha-is.so-gorgeo.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27993808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3808, updated_at 2025_03_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.hajekj.net"; dns.query; content:"doh.hajekj.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3809, updated_at 2024_12_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kavkaz.monster"; dns.query; content:"kavkaz.monster"; nocase; fast_pattern; classtype:bad-unknown; sid:27993810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3810, updated_at 2024_12_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.builders"; dns.query; content:"mabuktogel.builders"; nocase; fast_pattern; classtype:bad-unknown; sid:27993811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3811, updated_at 2024_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.salonia.it"; dns.query; content:"dns.salonia.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27993812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3812, updated_at 2024_11_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apple-relay.akamaized.net"; dns.query; content:"apple-relay.akamaized.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3813, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apple-relay.apple.com"; dns.query; content:"apple-relay.apple.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3814, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apple-relay.cloudfare.com"; dns.query; content:"apple-relay.cloudfare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3815, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apple-relay.cloudflare.com"; dns.query; content:"apple-relay.cloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3816, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apple-relay.fastly-edge.com"; dns.query; content:"apple-relay.fastly-edge.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3817, updated_at 2025_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.marketing"; dns.query; content:"mabuktogel.marketing"; nocase; fast_pattern; classtype:bad-unknown; sid:27993818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3818, updated_at 2025_01_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.ltd"; dns.query; content:"mabuktogel.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27993819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3819, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.degree"; dns.query; content:"mabuktogel.degree"; nocase; fast_pattern; classtype:bad-unknown; sid:27993820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3820, updated_at 2024_12_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.properties"; dns.query; content:"mabuktogel.properties"; nocase; fast_pattern; classtype:bad-unknown; sid:27993821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3821, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.business"; dns.query; content:"mabuktogel.business"; nocase; fast_pattern; classtype:bad-unknown; sid:27993822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3822, updated_at 2024_12_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.enterprises"; dns.query; content:"mabuktogel.enterprises"; nocase; fast_pattern; classtype:bad-unknown; sid:27993823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3823, updated_at 2024_12_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.solutions"; dns.query; content:"mabuktogel.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27993824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3824, updated_at 2025_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.cards"; dns.query; content:"mabuktogel.cards"; nocase; fast_pattern; classtype:bad-unknown; sid:27993825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3825, updated_at 2024_12_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.directory"; dns.query; content:"mabuktogel.directory"; nocase; fast_pattern; classtype:bad-unknown; sid:27993826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3826, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.limited"; dns.query; content:"mabuktogel.limited"; nocase; fast_pattern; classtype:bad-unknown; sid:27993827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3827, updated_at 2025_01_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.immobilien"; dns.query; content:"mabuktogel.immobilien"; nocase; fast_pattern; classtype:bad-unknown; sid:27993828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3828, updated_at 2024_12_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mabuktogel.creditcard"; dns.query; content:"mabuktogel.creditcard"; nocase; fast_pattern; classtype:bad-unknown; sid:27993829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3829, updated_at 2024_12_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardcloud.iasm.com.ar"; dns.query; content:"adguardcloud.iasm.com.ar"; nocase; fast_pattern; classtype:bad-unknown; sid:27993830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3830, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bibitos.cc"; dns.query; content:"dns.bibitos.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27993831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3831, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vemo.cc"; dns.query; content:"dns.vemo.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27993832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3832, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.glampool.cloud"; dns.query; content:"dns.glampool.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3833, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ublock-dns-resolver-03.italynorth.cloudapp.azure.com"; dns.query; content:"ublock-dns-resolver-03.italynorth.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3834, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg-nl.h4nt3r.com"; dns.query; content:"adg-nl.h4nt3r.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3835, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xv.fi"; dns.query; content:"dns.xv.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27993836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3836, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jmx94.fr"; dns.query; content:"dns.jmx94.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3837, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tsmu.co.id"; dns.query; content:"doh.tsmu.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3838, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sx.bnds.link"; dns.query; content:"sx.bnds.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27993839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3839, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s2.littlebr.link"; dns.query; content:"s2.littlebr.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27993840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3840, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.plsite.net"; dns.query; content:"dns.plsite.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3841, updated_at 2024_12_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.amlegion.org"; dns.query; content:"resolver1.amlegion.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3842, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsaguard1.duckdns.org"; dns.query; content:"dnsaguard1.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3843, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.erhvict.ru"; dns.query; content:"vpn.erhvict.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3844, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for joouddo.ru"; dns.query; content:"joouddo.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3845, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kayguard.se"; dns.query; content:"kayguard.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27993846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3846, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1.ocam.tk"; dns.query; content:"v1.ocam.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3847, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testbbbbb.hsjgdsk.top"; dns.query; content:"testbbbbb.hsjgdsk.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3848, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freedns.antstars.win"; dns.query; content:"freedns.antstars.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27993849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3849, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ruidasm.xyz"; dns.query; content:"ruidasm.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3850, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ruidasm.xyz"; dns.query; content:"www.ruidasm.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3851, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mk.skynetinternet.com.br"; dns.query; content:"mk.skynetinternet.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27993852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3852, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dedsuts.com"; dns.query; content:"dns.dedsuts.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3853, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gggzs.com"; dns.query; content:"gggzs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3854, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.gggzs.com"; dns.query; content:"www.gggzs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3855, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.kla44.de"; dns.query; content:"dns1.kla44.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3856, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fope.dev"; dns.query; content:"adguard.fope.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3857, updated_at 2025_01_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-adg.bluenight.me"; dns.query; content:"hk-adg.bluenight.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3858, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fqdn.network"; dns.query; content:"dns.fqdn.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27993859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3859, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for quanmeme.duckdns.org"; dns.query; content:"quanmeme.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3860, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.8tvsuper.eu.org"; dns.query; content:"dns.8tvsuper.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3861, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for k3n.pw"; dns.query; content:"k3n.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3862, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl.dns.shx.su"; dns.query; content:"nl.dns.shx.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27993863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3863, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.jiatianxa1.top"; dns.query; content:"ad.jiatianxa1.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3864, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mb3admin.uno"; dns.query; content:"mb3admin.uno"; nocase; fast_pattern; classtype:bad-unknown; sid:27993865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3865, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adsl.viettel.vn"; dns.query; content:"adsl.viettel.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3866, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safe.dns.sainternet.xyz"; dns.query; content:"safe.dns.sainternet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3867, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unfiltered.dns.sainternet.xyz"; dns.query; content:"unfiltered.dns.sainternet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3868, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.853852.xyz"; dns.query; content:"dns.853852.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3869, updated_at 2025_03_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alwynstudio.com.au"; dns.query; content:"dns.alwynstudio.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27993870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3870, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.conana.info"; dns.query; content:"hk.conana.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3871, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for plichaa12.ddns.net"; dns.query; content:"plichaa12.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3872, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drahonn.pro"; dns.query; content:"drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3873, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.drahonn.pro"; dns.query; content:"adguard.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3874, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ame.drahonn.pro"; dns.query; content:"ame.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3875, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amp.drahonn.pro"; dns.query; content:"amp.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3876, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dcbot.drahonn.pro"; dns.query; content:"dcbot.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3877, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gnode.drahonn.pro"; dns.query; content:"gnode.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3878, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gpanel.drahonn.pro"; dns.query; content:"gpanel.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3879, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lanyard.drahonn.pro"; dns.query; content:"lanyard.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3880, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.drahonn.pro"; dns.query; content:"mail.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3881, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mc.drahonn.pro"; dns.query; content:"mc.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3882, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for musicbot.drahonn.pro"; dns.query; content:"musicbot.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3883, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for othernj.drahonn.pro"; dns.query; content:"othernj.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3884, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sinusbot.drahonn.pro"; dns.query; content:"sinusbot.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3885, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spotifyobs.drahonn.pro"; dns.query; content:"spotifyobs.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3886, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ts.drahonn.pro"; dns.query; content:"ts.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3887, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vid.drahonn.pro"; dns.query; content:"vid.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3888, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for video.drahonn.pro"; dns.query; content:"video.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3889, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn12856.drahonn.pro"; dns.query; content:"vpn12856.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3890, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webmail.drahonn.pro"; dns.query; content:"webmail.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3891, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.drahonn.pro"; dns.query; content:"www.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3892, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x-panel.drahonn.pro"; dns.query; content:"x-panel.drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3893, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sto02.dnscry.pt"; dns.query; content:"sto02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3894, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cdn.sx"; dns.query; content:"adguard.cdn.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27993895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3895, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drs.rustsword.com"; dns.query; content:"drs.rustsword.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3896, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lifeisa.live"; dns.query; content:"lifeisa.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27993897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3897, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for renardbleu.dev"; dns.query; content:"renardbleu.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3898, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 75747123.xyz"; dns.query; content:"75747123.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3899, updated_at 2024_12_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscrypt.xyz"; dns.query; content:"dnscrypt.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3900, updated_at 2024_12_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for regiopolis.cloud"; dns.query; content:"regiopolis.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3901, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for da-91614-tr.xyz"; dns.query; content:"da-91614-tr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3902, updated_at 2024_12_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ke-03060-tr.xyz"; dns.query; content:"ke-03060-tr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3903, updated_at 2024_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kf-49509-tr.xyz"; dns.query; content:"kf-49509-tr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3904, updated_at 2025_01_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rockwell.website"; dns.query; content:"rockwell.website"; nocase; fast_pattern; classtype:bad-unknown; sid:27993905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3905, updated_at 2025_03_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.milkpie.one"; dns.query; content:"dns.milkpie.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27993906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3906, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.f97.xyz"; dns.query; content:"dns.f97.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3907, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin4.ddnsfree.com"; dns.query; content:"sin4.ddnsfree.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3908, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.free-tester.com"; dns.query; content:"adguard.free-tester.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3909, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for irdns.rapidoserver.ir"; dns.query; content:"irdns.rapidoserver.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27993910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3910, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.himarsman.life"; dns.query; content:"www.himarsman.life"; nocase; fast_pattern; classtype:bad-unknown; sid:27993911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3911, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.griffioen.me"; dns.query; content:"dns.griffioen.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3912, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for volik.me"; dns.query; content:"volik.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3913, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-1.ddns.net"; dns.query; content:"adguard-1.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3914, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-dal-w-p-1.nashkan.net"; dns.query; content:"us-dal-w-p-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3915, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bloqueador.sytes.net"; dns.query; content:"bloqueador.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3916, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.workcavestl.duckdns.org"; dns.query; content:"www.workcavestl.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3917, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wahsun.org"; dns.query; content:"dns.wahsun.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3918, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.grinavto.ru"; dns.query; content:"adg.grinavto.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3919, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk2.1833015459.site"; dns.query; content:"hk2.1833015459.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3920, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sgp.hicn.site"; dns.query; content:"dns.sgp.hicn.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3921, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dflexy.house.nom.br"; dns.query; content:"dflexy.house.nom.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27993922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3922, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitzd.gotdns.ch"; dns.query; content:"blitzd.gotdns.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27993923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3923, updated_at 2025_03_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oboor.cloud"; dns.query; content:"dns.oboor.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3924, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yujunwanwu.cn"; dns.query; content:"yujunwanwu.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3925, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.yujunwanwu.cn"; dns.query; content:"www.yujunwanwu.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3926, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aghome.jcconnell.com"; dns.query; content:"aghome.jcconnell.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3927, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.olesgroup.com"; dns.query; content:"adh.olesgroup.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3928, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.taskforce-labs.com"; dns.query; content:"dns.taskforce-labs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3929, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usascoot.com"; dns.query; content:"usascoot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3930, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.usascoot.com"; dns.query; content:"www.usascoot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3931, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for personal-proj-by-me.eu"; dns.query; content:"personal-proj-by-me.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3932, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sww.net.id"; dns.query; content:"doh.sww.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3933, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sretribe.net"; dns.query; content:"adguard.sretribe.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3934, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gussguss.ovh"; dns.query; content:"dns.gussguss.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27993935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3935, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for firelab.site"; dns.query; content:"firelab.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3936, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kendentil.org.uk"; dns.query; content:"kendentil.org.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3937, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for openeasy.us"; dns.query; content:"openeasy.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3938, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rinux.win"; dns.query; content:"dns.rinux.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27993939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3939, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for toropyzhka.xyz"; dns.query; content:"toropyzhka.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3940, updated_at 2025_01_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zneginnl.website"; dns.query; content:"zneginnl.website"; nocase; fast_pattern; classtype:bad-unknown; sid:27993941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3941, updated_at 2024_12_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.meudispositivos.com.br"; dns.query; content:"guard.meudispositivos.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27993942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3942, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tonyctalope.click"; dns.query; content:"dns.tonyctalope.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27993943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3943, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sudo.rm-rf.cloud"; dns.query; content:"sudo.rm-rf.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3944, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ak3n.com"; dns.query; content:"dns.ak3n.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3945, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alfredku1.asuscomm.com"; dns.query; content:"alfredku1.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3946, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tech-vnet.com"; dns.query; content:"tech-vnet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3947, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.titov.cz"; dns.query; content:"dns.titov.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3948, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lululu.dev"; dns.query; content:"dns.lululu.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3949, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gupthabrothers.in"; dns.query; content:"dns.gupthabrothers.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27993950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3950, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.johndave.me"; dns.query; content:"dns.johndave.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3951, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.homenet.saschagaspar.net"; dns.query; content:"dns.homenet.saschagaspar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3952, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad1guard.duckdns.org"; dns.query; content:"ad1guard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3953, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for heavenorhell.ru"; dns.query; content:"heavenorhell.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3954, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for komo4ek.ru"; dns.query; content:"komo4ek.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3955, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.komo4ek.ru"; dns.query; content:"dns.komo4ek.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3956, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.komo4ek.ru"; dns.query; content:"www.komo4ek.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3957, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.136852.xyz"; dns.query; content:"dns.136852.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3958, updated_at 2025_01_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for router.ahzol.com"; dns.query; content:"router.ahzol.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3959, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amgr.asuscomm.com"; dns.query; content:"amgr.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3960, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rgnv.dev"; dns.query; content:"dns.rgnv.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3961, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.spacework.com.mx"; dns.query; content:"adg.spacework.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27993962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3962, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aden.my"; dns.query; content:"aden.my"; nocase; fast_pattern; classtype:bad-unknown; sid:27993963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3963, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yuyz.net"; dns.query; content:"dns.yuyz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3964, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qpt.one"; dns.query; content:"dns.qpt.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27993965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3965, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.qpt.one"; dns.query; content:"dns2.qpt.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27993966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3966, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pitchforkwaydns.duckdns.org"; dns.query; content:"pitchforkwaydns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3967, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for devopslearning.zapto.org"; dns.query; content:"devopslearning.zapto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3968, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.adrianofrongillo.ovh"; dns.query; content:"adguard.adrianofrongillo.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27993969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3969, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.ytpom.ru"; dns.query; content:"dns2.ytpom.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3970, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for khome.site"; dns.query; content:"khome.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3971, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outdoorchair.site"; dns.query; content:"outdoorchair.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3972, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ovhcloud.mehmetarikan.tech"; dns.query; content:"ovhcloud.mehmetarikan.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27993973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3973, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.jason666.top"; dns.query; content:"hk.jason666.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3974, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-public.exitstat.us"; dns.query; content:"dot-public.exitstat.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27993975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3975, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seoul.101818.xyz"; dns.query; content:"seoul.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3976, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps01.bbhc.xyz"; dns.query; content:"vps01.bbhc.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3977, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.libost.xyz"; dns.query; content:"us.libost.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3978, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crusnik80.co.za"; dns.query; content:"crusnik80.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27993979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3979, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brono.cloud"; dns.query; content:"dns.brono.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3980, updated_at 2025_03_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zui.lol"; dns.query; content:"dns.zui.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27993981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3981, updated_at 2025_05_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aa4.co.uk"; dns.query; content:"adguard.aa4.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3982, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sm2.doh.pub"; dns.query; content:"sm2.doh.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27993983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3983, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.de.futuredns.eu.org"; dns.query; content:"dns.de.futuredns.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3984, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.butterfly87.sbs"; dns.query; content:"dns.butterfly87.sbs"; nocase; fast_pattern; classtype:bad-unknown; sid:27993985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3985, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dremaxx.de"; dns.query; content:"dns.dremaxx.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3986, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for droyd.top"; dns.query; content:"droyd.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3987, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.hjebbour.top"; dns.query; content:"adguard.hjebbour.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3988, updated_at 2025_02_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kasbot.net"; dns.query; content:"adguard.kasbot.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3989, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for moamao.shop"; dns.query; content:"moamao.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27993990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3990, updated_at 2025_05_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thiz.top"; dns.query; content:"dns.thiz.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3991, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us.futuredns.eu.org"; dns.query; content:"dns.us.futuredns.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3992, updated_at 2025_05_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iterator.lazada.com"; dns.query; content:"iterator.lazada.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3993, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chunghwamc.com"; dns.query; content:"dns.chunghwamc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3994, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yyc01.dnscry.pt"; dns.query; content:"yyc01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3995, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yhz01.dnscry.pt"; dns.query; content:"yhz01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3996, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for man01.dnscry.pt"; dns.query; content:"man01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27993997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3997, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ntwrkh.pro"; dns.query; content:"ntwrkh.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27993998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3998, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pepetio.xyz"; dns.query; content:"pepetio.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3999, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for znegindeh2.top"; dns.query; content:"znegindeh2.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4000, updated_at 2025_01_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.7sec.com.br"; dns.query; content:"dns.7sec.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27994001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4001, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.gregoret.com.ar"; dns.query; content:"dns2.gregoret.com.ar"; nocase; fast_pattern; classtype:bad-unknown; sid:27994002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4002, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.articrevised.cc"; dns.query; content:"dns.articrevised.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4003, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 23.106.141.137.16clouds.com"; dns.query; content:"23.106.141.137.16clouds.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4004, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.proprietarypenguin.com"; dns.query; content:"dns.proprietarypenguin.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4005, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3.local-dns.noridev.moe"; dns.query; content:"3.local-dns.noridev.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27994006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4006, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-proxy.duckdns.org"; dns.query; content:"dns-proxy.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4007, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leoadguard.duckdns.org"; dns.query; content:"leoadguard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4008, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uscmi.hiomath.org"; dns.query; content:"uscmi.hiomath.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4009, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for grr01.dnscry.pt"; dns.query; content:"grr01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4010, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iah01.dnscry.pt"; dns.query; content:"iah01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4011, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tuu01.dnscry.pt"; dns.query; content:"tuu01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4012, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flyer.vn"; dns.query; content:"dns.flyer.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4013, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd.999369.xyz"; dns.query; content:"ddd.999369.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4014, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.battle.christmas"; dns.query; content:"doh.battle.christmas"; nocase; fast_pattern; classtype:bad-unknown; sid:27994015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4015, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.444723.xyz"; dns.query; content:"dns.444723.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4016, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.774445.xyz"; dns.query; content:"doh.774445.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4017, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.775467.xyz"; dns.query; content:"dns.775467.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4018, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.8887744.xyz"; dns.query; content:"dns.8887744.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4019, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lecker.pizza"; dns.query; content:"lecker.pizza"; nocase; fast_pattern; classtype:bad-unknown; sid:27994020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4020, updated_at 2024_12_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for polisitogel.realty"; dns.query; content:"polisitogel.realty"; nocase; fast_pattern; classtype:bad-unknown; sid:27994021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4021, updated_at 2025_02_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for solaxy.live"; dns.query; content:"solaxy.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27994022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4022, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.ayrespace.cc"; dns.query; content:"adguard2.ayrespace.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4023, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for awcdn.cn"; dns.query; content:"awcdn.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4024, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.73zls.com"; dns.query; content:"dns.73zls.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4025, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vless-service.ufodns.com"; dns.query; content:"vless-service.ufodns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4026, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg-wd.de"; dns.query; content:"adg-wd.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4027, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.thebluemeistergamer.de"; dns.query; content:"server.thebluemeistergamer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4028, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.freeddns.org"; dns.query; content:"adblock.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4029, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.volsap.ovh"; dns.query; content:"dns.volsap.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27994030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4030, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gdns.end.pub"; dns.query; content:"gdns.end.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27994031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4031, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb.aiec.vn"; dns.query; content:"adb.aiec.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4032, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thezudrive.xyz"; dns.query; content:"dns.thezudrive.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4033, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bakamh.news"; dns.query; content:"bakamh.news"; nocase; fast_pattern; classtype:bad-unknown; sid:27994034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4034, updated_at 2025_01_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for irrelevant.cc"; dns.query; content:"irrelevant.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4035, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.iwall.cloud"; dns.query; content:"dns1.iwall.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27994036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4036, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for next-dns.cn"; dns.query; content:"next-dns.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4037, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rahavard365.co"; dns.query; content:"dns.rahavard365.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27994038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4038, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hexxitcompany.com"; dns.query; content:"hexxitcompany.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4039, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sinkdns.nihatkalfazade.com"; dns.query; content:"sinkdns.nihatkalfazade.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4040, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for midgard.asguardian.de"; dns.query; content:"midgard.asguardian.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4041, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s.hd440.de"; dns.query; content:"s.hd440.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4042, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nimeserver.kirjakast.eu"; dns.query; content:"nimeserver.kirjakast.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4043, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.anne-pierre.fr"; dns.query; content:"dns.anne-pierre.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27994044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4044, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nimzero.fr"; dns.query; content:"dns.nimzero.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27994045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4045, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for com.you-seen.fr"; dns.query; content:"com.you-seen.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27994046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4046, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.linzheng.fun"; dns.query; content:"dns.linzheng.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27994047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4047, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arvrekis.icu"; dns.query; content:"arvrekis.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4048, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-idx1.itsec.my.id"; dns.query; content:"dns-idx1.itsec.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4049, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh1.server.my.id"; dns.query; content:"agh1.server.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4050, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh3.server.my.id"; dns.query; content:"agh3.server.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4051, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thisisbigbang.ir"; dns.query; content:"dns.thisisbigbang.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27994052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4052, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shinano.anime.com.my"; dns.query; content:"shinano.anime.com.my"; nocase; fast_pattern; classtype:bad-unknown; sid:27994053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4053, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phantom3c.net"; dns.query; content:"phantom3c.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4054, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.phantom3c.net"; dns.query; content:"dns.phantom3c.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4055, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-sehat.apigw.online"; dns.query; content:"dns-sehat.apigw.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4056, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for k3rnel-pan1c.online"; dns.query; content:"k3rnel-pan1c.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4057, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for studioai.freeddns.org"; dns.query; content:"studioai.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4058, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.3iq.quest"; dns.query; content:"dns.3iq.quest"; nocase; fast_pattern; classtype:bad-unknown; sid:27994059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4059, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for admir21.ru"; dns.query; content:"admir21.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4060, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blockadhomemoskva.ru"; dns.query; content:"blockadhomemoskva.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4061, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gersoctruda.ru"; dns.query; content:"gersoctruda.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4062, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for az.i81.ru"; dns.query; content:"az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4063, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3x.az.i81.ru"; dns.query; content:"3x.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4064, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.az.i81.ru"; dns.query; content:"alisa.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4065, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.az.i81.ru"; dns.query; content:"amigo.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4066, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.az.i81.ru"; dns.query; content:"dns.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4067, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filya.az.i81.ru"; dns.query; content:"filya.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4068, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.az.i81.ru"; dns.query; content:"igor.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4069, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jin.az.i81.ru"; dns.query; content:"jin.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4070, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.az.i81.ru"; dns.query; content:"kotys.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4071, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.az.i81.ru"; dns.query; content:"lena.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4072, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.az.i81.ru"; dns.query; content:"luba.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4073, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.az.i81.ru"; dns.query; content:"olga.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4074, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasya.az.i81.ru"; dns.query; content:"vasya.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4075, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.az.i81.ru"; dns.query; content:"vova.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4076, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.az.i81.ru"; dns.query; content:"vovale.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4077, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win10virtual.az.i81.ru"; dns.query; content:"win10virtual.az.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4078, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lamhoangtung.space"; dns.query; content:"adguard.lamhoangtung.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27994079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4079, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dmit.wangjiaqi.store"; dns.query; content:"dmit.wangjiaqi.store"; nocase; fast_pattern; classtype:bad-unknown; sid:27994080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4080, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for my2.uk.to"; dns.query; content:"my2.uk.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27994081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4081, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testhubnb.hsjgdsk.top"; dns.query; content:"testhubnb.hsjgdsk.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4082, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nekosama.store"; dns.query; content:"nekosama.store"; nocase; fast_pattern; classtype:bad-unknown; sid:27994083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4083, updated_at 2025_02_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for f.9132706292.cloudns.be"; dns.query; content:"f.9132706292.cloudns.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27994084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4084, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kirov.unicom.cloudns.be"; dns.query; content:"kirov.unicom.cloudns.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27994085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4085, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnstx.axhy.cc"; dns.query; content:"dnstx.axhy.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4086, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.joshcheng.cc"; dns.query; content:"dns.joshcheng.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4087, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shakdns.cc"; dns.query; content:"shakdns.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4088, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.yoosoo.cc"; dns.query; content:"hk.yoosoo.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4089, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for enclosr.co"; dns.query; content:"enclosr.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27994090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4090, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.007terminal.com"; dns.query; content:"adguard.007terminal.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4091, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bbnbd.com"; dns.query; content:"dns.bbnbd.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4092, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bmc-media.com"; dns.query; content:"dns.bmc-media.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4093, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.coco-tama-hoiku.com"; dns.query; content:"ag.coco-tama-hoiku.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4094, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nv89f20.glddns.com"; dns.query; content:"nv89f20.glddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4095, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.manmademagic.com"; dns.query; content:"adguard.manmademagic.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4096, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sverzhe.com"; dns.query; content:"adguard.sverzhe.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4097, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for swe.try-dns.com"; dns.query; content:"swe.try-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4098, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wryhf.com"; dns.query; content:"dns.wryhf.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4099, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oraclejp01.zerotorez.com"; dns.query; content:"oraclejp01.zerotorez.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4100, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.0a4.de"; dns.query; content:"adguard.0a4.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4101, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2202405224322270920.megasrv.de"; dns.query; content:"v2202405224322270920.megasrv.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4102, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.azagra.dev"; dns.query; content:"home.azagra.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27994103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4103, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dewei.dev"; dns.query; content:"dns.dewei.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27994104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4104, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.goertz.digital"; dns.query; content:"dns.goertz.digital"; nocase; fast_pattern; classtype:bad-unknown; sid:27994105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4105, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dualhosting.eu"; dns.query; content:"dns.dualhosting.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4106, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.invent.hr"; dns.query; content:"dns.invent.hr"; nocase; fast_pattern; classtype:bad-unknown; sid:27994107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4107, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.99i.icu"; dns.query; content:"dns.99i.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4108, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.be2aja.my.id"; dns.query; content:"dns.be2aja.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4109, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for positif4.cross.net.id"; dns.query; content:"positif4.cross.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4110, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.gms.net.id"; dns.query; content:"dns1.gms.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4111, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv.insec.link"; dns.query; content:"srv.insec.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27994112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4112, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.vilbav.id.lv"; dns.query; content:"guard.vilbav.id.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27994113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4113, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moondip.net"; dns.query; content:"dns.moondip.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4114, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.paliska.net"; dns.query; content:"dns.paliska.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4115, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.iyn.one"; dns.query; content:"ag.iyn.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27994116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4116, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.onlyshadow.online"; dns.query; content:"dns.onlyshadow.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4117, updated_at 2025_03_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardcalpena.duckdns.org"; dns.query; content:"adguardcalpena.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4118, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lpse.privatedns.org"; dns.query; content:"lpse.privatedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4119, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kzrz.pl"; dns.query; content:"dns.kzrz.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27994120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4120, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ap-adguard.bougeard.pro"; dns.query; content:"ap-adguard.bougeard.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27994121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4121, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aitkcrev.minhduc.pw"; dns.query; content:"aitkcrev.minhduc.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27994122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4122, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vds2380673.my-ihor.ru"; dns.query; content:"vds2380673.my-ihor.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4123, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for msk.noad7vk.ru"; dns.query; content:"msk.noad7vk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4124, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.stepnew.ru"; dns.query; content:"ag.stepnew.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4125, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thxvv.ru"; dns.query; content:"thxvv.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4126, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.voyager2.space"; dns.query; content:"dns.voyager2.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27994127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4127, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jhamlin.tech"; dns.query; content:"dns.jhamlin.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27994128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4128, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.free-mind.top"; dns.query; content:"dns.free-mind.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4129, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.tomgirl.top"; dns.query; content:"kr.tomgirl.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4130, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xiaoks.top"; dns.query; content:"dns.xiaoks.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4131, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akile.zxht3123xyz.top"; dns.query; content:"akile.zxht3123xyz.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4132, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bigseal1.gu-natee.uk"; dns.query; content:"bigseal1.gu-natee.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27994133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4133, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsguard.hte.vn"; dns.query; content:"dnsguard.hte.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4134, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp193.flyzhouyc.win"; dns.query; content:"jp193.flyzhouyc.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27994135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4135, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for byvurguncu.xyz"; dns.query; content:"byvurguncu.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4136, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-sec-28-nbg.bastivan.com"; dns.query; content:"dns-sec-28-nbg.bastivan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4137, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.cnnet-hk.com"; dns.query; content:"www.cnnet-hk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4138, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.imkvq.com"; dns.query; content:"dns1.imkvq.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4139, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lauraeguido.com"; dns.query; content:"dns.lauraeguido.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4140, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ss.microbaidu.com"; dns.query; content:"ss.microbaidu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4141, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mslbn.com"; dns.query; content:"mslbn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4142, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.reaticle.com"; dns.query; content:"hk.reaticle.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4143, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for schimtar.com"; dns.query; content:"schimtar.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4144, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.schimtar.com"; dns.query; content:"dns.schimtar.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4145, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsk.schimtar.com"; dns.query; content:"dnsk.schimtar.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4146, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr-cn2.trueistic.com"; dns.query; content:"kr-cn2.trueistic.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4147, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.carilagi.id"; dns.query; content:"d.carilagi.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4148, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dumk.in"; dns.query; content:"dns.dumk.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27994149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4149, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.blackmarketcp.ir"; dns.query; content:"dns.blackmarketcp.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27994150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4150, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 4gdns.me"; dns.query; content:"4gdns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27994151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4151, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ikoniaga.net"; dns.query; content:"dns.ikoniaga.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4152, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for genielee.duckdns.org"; dns.query; content:"genielee.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4153, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stuxen.duckdns.org"; dns.query; content:"stuxen.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4154, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privateservices.pro"; dns.query; content:"dns.privateservices.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27994155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4155, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for funtikspb.ru"; dns.query; content:"funtikspb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4156, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for randn.ru"; dns.query; content:"randn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4157, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.randn.ru"; dns.query; content:"adguard.randn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4158, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.adguard.randn.ru"; dns.query; content:"www.adguard.randn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4159, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.randn.ru"; dns.query; content:"www.randn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4160, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgdns.site"; dns.query; content:"sgdns.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27994161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4161, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wifri.space"; dns.query; content:"adguard.wifri.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27994162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4162, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mcore.us.to"; dns.query; content:"mcore.us.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27994163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4163, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testccccc.hsjgdsk.top"; dns.query; content:"testccccc.hsjgdsk.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4164, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hashemlabs.co.uk"; dns.query; content:"dns.hashemlabs.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27994165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4165, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for simsim.lol"; dns.query; content:"simsim.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27994166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4166, updated_at 2025_01_08;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vod11.xyz"; dns.query; content:"dns.vod11.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4167, updated_at 2025_03_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public.ns.nwps.fi"; dns.query; content:"public.ns.nwps.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4168, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.ns.nwps.fi"; dns.query; content:"kids.ns.nwps.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4169, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asia.tri-dns.net"; dns.query; content:"asia.tri-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4170, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sublime9.xyz"; dns.query; content:"doh.sublime9.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4171, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tensents.shop"; dns.query; content:"tensents.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27994172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4172, updated_at 2025_01_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for paradise-human.shop"; dns.query; content:"paradise-human.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27994173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4173, updated_at 2025_04_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mytest.cc"; dns.query; content:"dns.mytest.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4174, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sowilo.info"; dns.query; content:"dns.sowilo.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27994175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4175, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-p-4.nashkan.net"; dns.query; content:"ae-fuj-w-p-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4176, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaiser.int.eu.org"; dns.query; content:"kaiser.int.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4177, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blr01.dnscry.pt"; dns.query; content:"blr01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4178, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for buh01.dnscry.pt"; dns.query; content:"buh01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4179, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for huv01.dnscry.pt"; dns.query; content:"huv01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4180, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jax01.dnscry.pt"; dns.query; content:"jax01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4181, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux01.dnscry.pt"; dns.query; content:"lux01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4182, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for prg01.dnscry.pt"; dns.query; content:"prg01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4183, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doq64.dns4all.eu"; dns.query; content:"doq64.dns4all.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4184, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doq.dns4all.eu"; dns.query; content:"doq.dns4all.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4185, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huas.me"; dns.query; content:"dns.huas.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27994186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4186, updated_at 2025_02_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.pumplex.com"; dns.query; content:"2.dnscrypt-cert.pumplex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4187, updated_at 2025_02_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ho.al"; dns.query; content:"dns.ho.al"; nocase; fast_pattern; classtype:bad-unknown; sid:27994188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4188, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ugm.asia"; dns.query; content:"ugm.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27994189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4189, updated_at 2025_02_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.veanswart.cloudns.be"; dns.query; content:"adguard.veanswart.cloudns.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27994190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4190, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for epyc.cyberbeta.cn"; dns.query; content:"epyc.cyberbeta.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4191, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xiaoxinhui.cn"; dns.query; content:"xiaoxinhui.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4192, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xiaoxinhui.cn"; dns.query; content:"dns.xiaoxinhui.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4193, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.xiaoxinhui.cn"; dns.query; content:"mail.xiaoxinhui.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4194, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alexj123.mooo.com"; dns.query; content:"alexj123.mooo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4195, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for justice-v.de"; dns.query; content:"justice-v.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4196, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gotacat.dev"; dns.query; content:"dns.gotacat.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27994197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4197, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yt.tinadresses.ir"; dns.query; content:"yt.tinadresses.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27994198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4198, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for carolinareaper.heeremans.net"; dns.query; content:"carolinareaper.heeremans.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4199, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsnacho.sytes.net"; dns.query; content:"nsnacho.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4200, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for my.radio-web.online"; dns.query; content:"my.radio-web.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4201, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for humandata.hopto.org"; dns.query; content:"humandata.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4202, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mavalleenumerique.hopto.org"; dns.query; content:"mavalleenumerique.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4203, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.rifat.org"; dns.query; content:"dot.rifat.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4204, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us44nas.top"; dns.query; content:"us44nas.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4205, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.huyhung.name.vn"; dns.query; content:"adns.huyhung.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4206, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.anonmedia.xyz"; dns.query; content:"dns.anonmedia.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4207, updated_at 2025_01_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.sarak.as"; dns.query; content:"dns1.sarak.as"; nocase; fast_pattern; classtype:bad-unknown; sid:27994208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4208, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.sarak.as"; dns.query; content:"dns2.sarak.as"; nocase; fast_pattern; classtype:bad-unknown; sid:27994209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4209, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r.cc7878.cc"; dns.query; content:"r.cc7878.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4210, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for walhalla.freemyip.com"; dns.query; content:"walhalla.freemyip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4211, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.hoangcongchuc.com"; dns.query; content:"adguard.hoangcongchuc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4212, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.stealbit.com"; dns.query; content:"adguard2.stealbit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4213, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.johanneskr.de"; dns.query; content:"adns.johanneskr.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4214, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.sillav.dev"; dns.query; content:"dns2.sillav.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27994215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4215, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wallpap.eu"; dns.query; content:"wallpap.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4216, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skynet.2bsafe.info"; dns.query; content:"skynet.2bsafe.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27994217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4217, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xins.live"; dns.query; content:"xins.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27994218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4218, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xins.live"; dns.query; content:"dns.xins.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27994219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4219, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwg.sooda.moe"; dns.query; content:"bwg.sooda.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27994220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4220, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hayadns.online"; dns.query; content:"hayadns.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4221, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh2lj.duckdns.org"; dns.query; content:"agh2lj.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4222, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oxv.duckdns.org"; dns.query; content:"oxv.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4223, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for site-2.duckdns.org"; dns.query; content:"site-2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4224, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x861g.duckdns.org"; dns.query; content:"x861g.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4225, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test.marss.pro"; dns.query; content:"test.marss.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27994226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4226, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for per01.dnscry.pt"; dns.query; content:"per01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4227, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myadg.ru"; dns.query; content:"myadg.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4228, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b9c7dc4e-7dde-4903-935b-fd6ea59ca4fb.space"; dns.query; content:"b9c7dc4e-7dde-4903-935b-fd6ea59ca4fb.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27994229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4229, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fatu.systems"; dns.query; content:"adguard.fatu.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27994230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4230, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.voronin.uk"; dns.query; content:"dns.voronin.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27994231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4231, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps-1f675aa1.vps.ovh.us"; dns.query; content:"vps-1f675aa1.vps.ovh.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27994232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4232, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ichiboku.be"; dns.query; content:"adguard.ichiboku.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27994233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4233, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.staygeo.com"; dns.query; content:"adguard.staygeo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4234, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ssytnik.de"; dns.query; content:"ssytnik.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4235, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.ssytnik.de"; dns.query; content:"vpn.ssytnik.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4236, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.koduarve.ee"; dns.query; content:"doh.koduarve.ee"; nocase; fast_pattern; classtype:bad-unknown; sid:27994237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4237, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shop.luckygem.me"; dns.query; content:"shop.luckygem.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27994238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4238, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for petinom.online"; dns.query; content:"petinom.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4239, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nqh-dns.duckdns.org"; dns.query; content:"nqh-dns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4240, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ms.gswsfh2021.site"; dns.query; content:"ms.gswsfh2021.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27994241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4241, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ip.cubecloud.win"; dns.query; content:"ip.cubecloud.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27994242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4242, updated_at 2025_03_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 454345.xyz"; dns.query; content:"454345.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4243, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3x.454345.xyz"; dns.query; content:"3x.454345.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4244, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.454345.xyz"; dns.query; content:"dns.454345.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4245, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.dns.454345.xyz"; dns.query; content:"alisa.dns.454345.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4246, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.dns.454345.xyz"; dns.query; content:"home.dns.454345.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4247, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.dns.454345.xyz"; dns.query; content:"igor.dns.454345.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4248, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.dns.454345.xyz"; dns.query; content:"olga.dns.454345.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4249, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 45545545.xyz"; dns.query; content:"45545545.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4250, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.45545545.xyz"; dns.query; content:"dns.45545545.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4251, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pavel.dns.45545545.xyz"; dns.query; content:"pavel.dns.45545545.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4252, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.xyz"; dns.query; content:"adguardhome.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4253, updated_at 2025_02_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-pure.onedns.net"; dns.query; content:"doh-pure.onedns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4254, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for johneldenring.lol"; dns.query; content:"johneldenring.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27994255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4255, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unfiltered.adguarddns.com"; dns.query; content:"unfiltered.adguarddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4256, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.adguarddns.com"; dns.query; content:"family.adguarddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4257, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguarddns.com"; dns.query; content:"dns.adguarddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4258, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for http-dns.imoim.net"; dns.query; content:"http-dns.imoim.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4259, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.complianceauditores.com.br"; dns.query; content:"dns.complianceauditores.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27994260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4260, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.omada.cafe"; dns.query; content:"dns.omada.cafe"; nocase; fast_pattern; classtype:bad-unknown; sid:27994261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4261, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fencons.com"; dns.query; content:"dns.fencons.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4262, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi.r5acq.com"; dns.query; content:"fi.r5acq.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4263, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.temanbsd.com"; dns.query; content:"doh.temanbsd.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4264, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 0815cloud.de"; dns.query; content:"0815cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4265, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.0815cloud.de"; dns.query; content:"adblock.0815cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4266, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for passwordsafe.0815cloud.de"; dns.query; content:"passwordsafe.0815cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4267, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wlan.0815cloud.de"; dns.query; content:"wlan.0815cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4268, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for la-nnss.ppleg.icu"; dns.query; content:"la-nnss.ppleg.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4269, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lacf-nnss.ppleg.icu"; dns.query; content:"lacf-nnss.ppleg.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4270, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-sgx1.itsec.my.id"; dns.query; content:"dns-sgx1.itsec.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4271, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for geolfond.info"; dns.query; content:"geolfond.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27994272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4272, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bortus.io"; dns.query; content:"dns.bortus.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27994273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4273, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for happy365.me"; dns.query; content:"happy365.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27994274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4274, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zapacasa.ddns.net"; dns.query; content:"zapacasa.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4275, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ldaman.duckdns.org"; dns.query; content:"ldaman.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4276, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tw2.duckdns.org"; dns.query; content:"tw2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4277, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s3.d3mik.ru"; dns.query; content:"s3.d3mik.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4278, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for juicysalmon.ru"; dns.query; content:"juicysalmon.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4279, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for az.dz4fun.top"; dns.query; content:"az.dz4fun.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4280, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.damlayayinevi.com.tr"; dns.query; content:"dns.damlayayinevi.com.tr"; nocase; fast_pattern; classtype:bad-unknown; sid:27994281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4281, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nightlymoon.us.kg"; dns.query; content:"dns.nightlymoon.us.kg"; nocase; fast_pattern; classtype:bad-unknown; sid:27994282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4282, updated_at 2025_03_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.paulo.nom.za"; dns.query; content:"dns.paulo.nom.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27994283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4283, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.mask.icloud.com"; dns.query; content:"www.mask.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4284, updated_at 2025_02_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.mask-api.icloud.com"; dns.query; content:"www.mask-api.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4285, updated_at 2025_02_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.dnsprivacy.org.uk"; dns.query; content:"resolver.dnsprivacy.org.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27994286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4286, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kremzein.com"; dns.query; content:"dns.kremzein.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4287, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for e23a.mooo.com"; dns.query; content:"e23a.mooo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4288, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.npglocal.com"; dns.query; content:"adguard.npglocal.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4289, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sterlingharris.com"; dns.query; content:"sterlingharris.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4290, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.xandersalarie.com"; dns.query; content:"adguard.xandersalarie.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4291, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xyz3.zmjflow.com"; dns.query; content:"xyz3.zmjflow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4292, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nilfheim.asguardian.de"; dns.query; content:"nilfheim.asguardian.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4293, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oliverweinhold.de"; dns.query; content:"dns.oliverweinhold.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4294, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nostaloogia.ir"; dns.query; content:"adguard.nostaloogia.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27994295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4295, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mcexp.it"; dns.query; content:"dns.mcexp.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27994296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4296, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hwcloud.dns.navy"; dns.query; content:"hwcloud.dns.navy"; nocase; fast_pattern; classtype:bad-unknown; sid:27994297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4297, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for isecsolutions.ddns.net"; dns.query; content:"isecsolutions.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4298, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gsmseti.net"; dns.query; content:"dns.gsmseti.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4299, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.preden.net"; dns.query; content:"adguardhome.preden.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4300, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pure.lunetra.online"; dns.query; content:"pure.lunetra.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4301, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dynx.pro"; dns.query; content:"dns.dynx.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27994302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4302, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.srv.augh.ru"; dns.query; content:"dns2.srv.augh.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4303, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thebase-gup.ru"; dns.query; content:"dns.thebase-gup.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4304, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb.amishkaz.site"; dns.query; content:"adb.amishkaz.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27994305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4305, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filter.badbotdev.xyz"; dns.query; content:"filter.badbotdev.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4306, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xmr.land"; dns.query; content:"xmr.land"; nocase; fast_pattern; classtype:bad-unknown; sid:27994307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4307, updated_at 2025_04_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pddzz.cfd"; dns.query; content:"dns.pddzz.cfd"; nocase; fast_pattern; classtype:bad-unknown; sid:27994308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4308, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tokyo.92-m.com"; dns.query; content:"tokyo.92-m.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4309, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huizhechi.com"; dns.query; content:"dns.huizhechi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4310, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh-jkt.santainetwork.my.id"; dns.query; content:"agh-jkt.santainetwork.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4311, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eymg5h77lfs6zhwzmv47gkh0a4r1f1ydfprzxidk.ir"; dns.query; content:"eymg5h77lfs6zhwzmv47gkh0a4r1f1ydfprzxidk.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27994312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4312, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for powerankerfrankfurthy.mbahmaee.ir"; dns.query; content:"powerankerfrankfurthy.mbahmaee.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27994313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4313, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clementine-home.link"; dns.query; content:"clementine-home.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27994314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4314, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-agh1.dns.cryptroute.net"; dns.query; content:"ae-agh1.dns.cryptroute.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4315, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thuis.familiethomassen.nl"; dns.query; content:"thuis.familiethomassen.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27994316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4316, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spyro-the-bat.fleuryk.ovh"; dns.query; content:"spyro-the-bat.fleuryk.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27994317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4317, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spyrothebat.fleuryk.ovh"; dns.query; content:"spyrothebat.fleuryk.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27994318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4318, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg03.dnscry.pt"; dns.query; content:"hkg03.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4319, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.gmalov.ru"; dns.query; content:"vpn.gmalov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4320, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for online.zotio.ru"; dns.query; content:"online.zotio.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4321, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shinpamc.site"; dns.query; content:"dns.shinpamc.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27994322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4322, updated_at 2025_04_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ios.so"; dns.query; content:"dns.ios.so"; nocase; fast_pattern; classtype:bad-unknown; sid:27994323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4323, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test.businessconnect.com.tr"; dns.query; content:"test.businessconnect.com.tr"; nocase; fast_pattern; classtype:bad-unknown; sid:27994324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4324, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dd.phamanh.io.vn"; dns.query; content:"dd.phamanh.io.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4325, updated_at 2025_05_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for look.cubecloud.win"; dns.query; content:"look.cubecloud.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27994326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4326, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.320888.xyz"; dns.query; content:"dns.320888.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4327, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.labnekotest.site"; dns.query; content:"dns.labnekotest.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27994328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4328, updated_at 2025_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mattiafenzi.uk"; dns.query; content:"adguard.mattiafenzi.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27994329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4329, updated_at 2025_03_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for quic.lol"; dns.query; content:"quic.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27994330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4330, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.13evl.com"; dns.query; content:"dns1.13evl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4331, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-adguard.dr3ff1c13nt.com"; dns.query; content:"de-adguard.dr3ff1c13nt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4332, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dr3ff1c13nt.com"; dns.query; content:"dns.dr3ff1c13nt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4333, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for laptopdns.dr3ff1c13nt.com"; dns.query; content:"laptopdns.dr3ff1c13nt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4334, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phonedns.dr3ff1c13nt.com"; dns.query; content:"phonedns.dr3ff1c13nt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4335, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for twingatedns.dr3ff1c13nt.com"; dns.query; content:"twingatedns.dr3ff1c13nt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4336, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.k1vzx.com"; dns.query; content:"dns.k1vzx.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4337, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dedicated.singapore.theinvisiblevpn.com"; dns.query; content:"dedicated.singapore.theinvisiblevpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4338, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-idx2.itsec.my.id"; dns.query; content:"dns-idx2.itsec.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4339, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.techlike.in"; dns.query; content:"adguard.techlike.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27994340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4340, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns4.bortus.io"; dns.query; content:"dns4.bortus.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27994341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4341, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nop.mobi"; dns.query; content:"nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4342, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nop.mobi"; dns.query; content:"adguard.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4343, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for auth.nop.mobi"; dns.query; content:"auth.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4344, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for callcontrol.nop.mobi"; dns.query; content:"callcontrol.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4345, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nop.mobi"; dns.query; content:"dns.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4346, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dsec.nop.mobi"; dns.query; content:"dsec.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4347, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for focus.nop.mobi"; dns.query; content:"focus.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4348, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guest.nop.mobi"; dns.query; content:"guest.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4349, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hallo.nop.mobi"; dns.query; content:"hallo.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4350, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hello.nop.mobi"; dns.query; content:"hello.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4351, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jirecon.nop.mobi"; dns.query; content:"jirecon.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4352, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jitsi.nop.mobi"; dns.query; content:"jitsi.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4353, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for m.nop.mobi"; dns.query; content:"m.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4354, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for meet.nop.mobi"; dns.query; content:"meet.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4355, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n.nop.mobi"; dns.query; content:"n.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4356, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for name.nop.mobi"; dns.query; content:"name.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4357, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rslv.nop.mobi"; dns.query; content:"rslv.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4358, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sinda.nop.mobi"; dns.query; content:"sinda.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4359, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for video.nop.mobi"; dns.query; content:"video.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4360, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.nop.mobi"; dns.query; content:"www.nop.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27994361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4361, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.realwap.net"; dns.query; content:"agh.realwap.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4362, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rjscho.net"; dns.query; content:"adguard.rjscho.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4363, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opendns.one"; dns.query; content:"opendns.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27994364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4364, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lime.samonte.ovh"; dns.query; content:"lime.samonte.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27994365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4365, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bei01.dnscry.pt"; dns.query; content:"bei01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4366, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fet02.dnscry.pt"; dns.query; content:"fet02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4367, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ind01.dnscry.pt"; dns.query; content:"ind01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4368, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for los02.dnscry.pt"; dns.query; content:"los02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4369, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pmo01.dnscry.pt"; dns.query; content:"pmo01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4370, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for landerbrauver.ru"; dns.query; content:"landerbrauver.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4371, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tw.dosar.vip"; dns.query; content:"tw.dosar.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27994372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4372, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homec92.dns.army"; dns.query; content:"homec92.dns.army"; nocase; fast_pattern; classtype:bad-unknown; sid:27994373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4373, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.serverrune.be"; dns.query; content:"adguard.serverrune.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27994374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4374, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tuantran.cloud"; dns.query; content:"tuantran.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27994375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4375, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for midns.clicinternet.com"; dns.query; content:"midns.clicinternet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4376, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for forzalaquila.servebeer.com"; dns.query; content:"forzalaquila.servebeer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4377, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb-dns.sapient.cyou"; dns.query; content:"adb-dns.sapient.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27994378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4378, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stella.clae.net"; dns.query; content:"stella.clae.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4379, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ppmanu.ddns.net"; dns.query; content:"ppmanu.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4380, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads-ch.landgame.net"; dns.query; content:"ads-ch.landgame.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4381, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fra-w-f-1.nashkan.net"; dns.query; content:"de-fra-w-f-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4382, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fra-w-f-2.nashkan.net"; dns.query; content:"de-fra-w-f-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4383, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fra-w-f-3.nashkan.net"; dns.query; content:"de-fra-w-f-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4384, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for purpose.shamanlanding.org"; dns.query; content:"purpose.shamanlanding.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4385, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roadesdyn.go.ro"; dns.query; content:"roadesdyn.go.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27994386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4386, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wandana.franklinfamily.au"; dns.query; content:"wandana.franklinfamily.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27994387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4387, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frkn.frkn.cloud"; dns.query; content:"frkn.frkn.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27994388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4388, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for himeko297.asuscomm.com"; dns.query; content:"himeko297.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4389, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bgeneto.com"; dns.query; content:"dns.bgeneto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4390, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bvo.giize.com"; dns.query; content:"bvo.giize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4391, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oowo.de"; dns.query; content:"oowo.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4392, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.oowo.de"; dns.query; content:"www.oowo.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4393, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for prdot.cldsrv.es"; dns.query; content:"prdot.cldsrv.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27994394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4394, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for miskoss.fun"; dns.query; content:"miskoss.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27994395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4395, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.mnml.co.in"; dns.query; content:"adg.mnml.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27994396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4396, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.kone.ink"; dns.query; content:"ad.kone.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27994397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4397, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-vn2.cloudmini.net"; dns.query; content:"adguard-vn2.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4398, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.exium.net"; dns.query; content:"adguard.exium.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4399, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nzdns.highenergymagic.net"; dns.query; content:"nzdns.highenergymagic.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4400, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quanhd.net"; dns.query; content:"dns.quanhd.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4401, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cache.viewdns.net"; dns.query; content:"cache.viewdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4402, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.svip.one"; dns.query; content:"dns2.svip.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27994403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4403, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for raj.pw"; dns.query; content:"raj.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27994404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4404, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n10.martkotur.ru"; dns.query; content:"n10.martkotur.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4405, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns88.site"; dns.query; content:"dns88.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27994406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4406, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dinoclouds.store"; dns.query; content:"dinoclouds.store"; nocase; fast_pattern; classtype:bad-unknown; sid:27994407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4407, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.amyy.uk"; dns.query; content:"dns.amyy.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27994408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4408, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.y2f.xyz"; dns.query; content:"dns.y2f.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4409, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.hunga1k47.com"; dns.query; content:"ads.hunga1k47.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4410, updated_at 2025_05_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mathewakhil.online"; dns.query; content:"dns.mathewakhil.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4411, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kantinyoyok.xyz"; dns.query; content:"adguard.kantinyoyok.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4412, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.yybyy.wiki"; dns.query; content:"adg.yybyy.wiki"; nocase; fast_pattern; classtype:bad-unknown; sid:27994413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4413, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xwdmw.xyz"; dns.query; content:"dns.xwdmw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4414, updated_at 2025_05_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kugoapps.com"; dns.query; content:"dns.kugoapps.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4415, updated_at 2025_04_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for draco.plan9-ns2.com"; dns.query; content:"draco.plan9-ns2.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4416, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.brianlee.fun"; dns.query; content:"ag.brianlee.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27994417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4417, updated_at 2025_05_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wibenson.cloud"; dns.query; content:"dns.wibenson.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27994418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4418, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.native.cat"; dns.query; content:"dns.native.cat"; nocase; fast_pattern; classtype:bad-unknown; sid:27994419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4419, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.feblab.click"; dns.query; content:"agh.feblab.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27994420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4420, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zoogle.cn"; dns.query; content:"dns.zoogle.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4421, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for quq.flymlc.com"; dns.query; content:"quq.flymlc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4422, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kalyanmudumby.com"; dns.query; content:"adguard.kalyanmudumby.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4423, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.megaong.com"; dns.query; content:"dns.megaong.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4424, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for epic3.mooo.com"; dns.query; content:"epic3.mooo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4425, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.veikus.com"; dns.query; content:"dns.veikus.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4426, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.imaletion.de"; dns.query; content:"doh.imaletion.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4427, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lvl-network.de"; dns.query; content:"dns.lvl-network.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4428, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.clawsucht.eu"; dns.query; content:"adguard.clawsucht.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4429, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.epcot.fr"; dns.query; content:"dns.epcot.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27994430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4430, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skuy.co.id"; dns.query; content:"dns.skuy.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4431, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doth.jocic.link"; dns.query; content:"doth.jocic.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27994432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4432, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for void.mcfly.lol"; dns.query; content:"void.mcfly.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27994433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4433, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drkcloud.ddns.net"; dns.query; content:"drkcloud.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4434, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jkmoon.ggff.net"; dns.query; content:"jkmoon.ggff.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4435, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aduma15.duckdns.org"; dns.query; content:"aduma15.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4436, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad-blocking.eu.org"; dns.query; content:"ad-blocking.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4437, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stroveer.hopto.org"; dns.query; content:"stroveer.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4438, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d010r.517.4d.6u4rd.mlh.re"; dns.query; content:"d010r.517.4d.6u4rd.mlh.re"; nocase; fast_pattern; classtype:bad-unknown; sid:27994439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4439, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for immadnez7.ru"; dns.query; content:"immadnez7.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4440, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.immadnez7.ru"; dns.query; content:"www.immadnez7.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4441, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.reolinks.ru"; dns.query; content:"dns.reolinks.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4442, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beta.thegodfatheriam.shop"; dns.query; content:"beta.thegodfatheriam.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27994443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4443, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fptdns.site"; dns.query; content:"fptdns.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27994444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4444, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.scartopo.top"; dns.query; content:"adg.scartopo.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4445, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk154.flyzhouyc.win"; dns.query; content:"hk154.flyzhouyc.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27994446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4446, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.20010114.xyz"; dns.query; content:"www.20010114.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4447, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.usualposts.xyz"; dns.query; content:"dns.usualposts.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4448, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for himedns.com"; dns.query; content:"himedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4449, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hydra.plan9-ns1.com"; dns.query; content:"hydra.plan9-ns1.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4450, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.yepdns.com"; dns.query; content:"sg.yepdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4451, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.arubadns.it"; dns.query; content:"doh.arubadns.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27994452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4452, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.un-censoreddns.com"; dns.query; content:"doh.un-censoreddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4453, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.un-censoreddns.org"; dns.query; content:"doh.un-censoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4454, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tenta.io"; dns.query; content:"doh.tenta.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27994455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4455, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ultradns.com"; dns.query; content:"doh.ultradns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4456, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.yandex.net"; dns.query; content:"doh.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4457, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.mozilla.com"; dns.query; content:"doh.dns.mozilla.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4458, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aliyun.com"; dns.query; content:"dns.aliyun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4459, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.controld.com"; dns.query; content:"doh.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4460, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anon.dns.digitale-gesellschaft.ch"; dns.query; content:"anon.dns.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27994461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4461, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.rethinkdns.com"; dns.query; content:"doh.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4462, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.opennic.glue"; dns.query; content:"doh.opennic.glue"; nocase; fast_pattern; classtype:bad-unknown; sid:27994463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4463, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for router.comss.one"; dns.query; content:"router.comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27994464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4464, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.95576.app"; dns.query; content:"jp.95576.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27994465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4465, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hg8.asia"; dns.query; content:"hg8.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27994466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4466, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huanmave.cc"; dns.query; content:"dns.huanmave.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27994467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4467, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.eyadmojahed.ddnsgeek.com"; dns.query; content:"adguard.eyadmojahed.ddnsgeek.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4468, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andybunn.onthewifi.com"; dns.query; content:"andybunn.onthewifi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4469, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.inoainoa.fun"; dns.query; content:"www.inoainoa.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27994470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4470, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sildom.me"; dns.query; content:"dns.sildom.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27994471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4471, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgrm.duckdns.org"; dns.query; content:"adgrm.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4472, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cpt01.dnscry.pt"; dns.query; content:"cpt01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4473, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cpt02.dnscry.pt"; dns.query; content:"cpt02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4474, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gdn01.dnscry.pt"; dns.query; content:"gdn01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4475, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iev02.dnscry.pt"; dns.query; content:"iev02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4476, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jnb02.dnscry.pt"; dns.query; content:"jnb02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4477, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for moe01.dnscry.pt"; dns.query; content:"moe01.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4478, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mru02.dnscry.pt"; dns.query; content:"mru02.dnscry.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27994479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4479, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roycom.win"; dns.query; content:"roycom.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27994480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4480, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guigu.dns.army"; dns.query; content:"guigu.dns.army"; nocase; fast_pattern; classtype:bad-unknown; sid:27994481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4481, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for woodbridge.club"; dns.query; content:"woodbridge.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27994482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4482, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.p2cdn.cn"; dns.query; content:"doh.p2cdn.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4483, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quickso.cn"; dns.query; content:"dns.quickso.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27994484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4484, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maverick5275.northeurope.cloudapp.azure.com"; dns.query; content:"maverick5275.northeurope.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4485, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mechanikdns.kozow.com"; dns.query; content:"mechanikdns.kozow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4486, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fdue.de"; dns.query; content:"dns.fdue.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4487, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sixxi.de"; dns.query; content:"adguard.sixxi.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4488, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vserv.wkind.de"; dns.query; content:"vserv.wkind.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4489, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wdnts.eu"; dns.query; content:"dns.wdnts.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4490, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for next.atomix.in"; dns.query; content:"next.atomix.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27994491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4491, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.atomix.in"; dns.query; content:"vps.atomix.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27994492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4492, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gr.skrsteam.info"; dns.query; content:"gr.skrsteam.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27994493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4493, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-mum.daryllswer.net"; dns.query; content:"dns-mum.daryllswer.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4494, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsresolver02.ddns.net"; dns.query; content:"dnsresolver02.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27994495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4495, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for reptis.online"; dns.query; content:"reptis.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4496, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.reptis.online"; dns.query; content:"www.reptis.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27994497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4497, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ab.teleportbot.org"; dns.query; content:"ab.teleportbot.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4498, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oury.privado.ovh"; dns.query; content:"oury.privado.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27994499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4499, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.searom.ovh"; dns.query; content:"dns.searom.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27994500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4500, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kjmserwis.pl"; dns.query; content:"kjmserwis.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27994501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4501, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kjmserwis.pl"; dns.query; content:"dns.kjmserwis.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27994502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4502, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kjmserwis.pl"; dns.query; content:"www.kjmserwis.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27994503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4503, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fsociety.red"; dns.query; content:"dns.fsociety.red"; nocase; fast_pattern; classtype:bad-unknown; sid:27994504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4504, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.srv.augh.ru"; dns.query; content:"dns3.srv.augh.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4505, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.insigne.solutions"; dns.query; content:"dns.insigne.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27994506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4506, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.epic.st"; dns.query; content:"dns.epic.st"; nocase; fast_pattern; classtype:bad-unknown; sid:27994507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4507, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.erkin.top"; dns.query; content:"dns.erkin.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4508, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ningyan.top"; dns.query; content:"ningyan.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4509, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ningyan.top"; dns.query; content:"dns.ningyan.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4510, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for artemis.orionnexus.top"; dns.query; content:"artemis.orionnexus.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4511, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for only3.henky.com.tr"; dns.query; content:"only3.henky.com.tr"; nocase; fast_pattern; classtype:bad-unknown; sid:27994512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4512, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.19151120.xyz"; dns.query; content:"adguard.19151120.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4513, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cooluc.com"; dns.query; content:"dns.cooluc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4514, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surfsharkdns.com"; dns.query; content:"dns.surfsharkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4515, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v.recipes"; dns.query; content:"v.recipes"; nocase; fast_pattern; classtype:bad-unknown; sid:27994516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4516, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsguard.pub"; dns.query; content:"dnsguard.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27994517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4517, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.caliph.dev"; dns.query; content:"dns.caliph.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27994518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4518, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for extra.mask.ad"; dns.query; content:"extra.mask.ad"; nocase; fast_pattern; classtype:bad-unknown; sid:27994519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4519, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.childguard.app"; dns.query; content:"dns.childguard.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27994520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4520, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.lfac.net.br"; dns.query; content:"us.lfac.net.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27994521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4521, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for corancy.ddnsfree.com"; dns.query; content:"corancy.ddnsfree.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4522, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roelgianotten.ddnsfree.com"; dns.query; content:"roelgianotten.ddnsfree.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4523, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.fiyaajans.com"; dns.query; content:"adg.fiyaajans.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4524, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdns.lagzerotm.com"; dns.query; content:"cdns.lagzerotm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4525, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for disinformer.mooo.com"; dns.query; content:"disinformer.mooo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4526, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thefamilypuls.com"; dns.query; content:"thefamilypuls.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4527, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yuno.truckbel.com"; dns.query; content:"yuno.truckbel.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4528, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.hadan-dns.de"; dns.query; content:"ns1.hadan-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27994529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4529, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.litong.dev"; dns.query; content:"dns.litong.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27994530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4530, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.strafer.dk"; dns.query; content:"adguard.strafer.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27994531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4531, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfreedns.eu"; dns.query; content:"adfreedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4532, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vdska-pl.ydns.eu"; dns.query; content:"vdska-pl.ydns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27994533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4533, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.groupesaintmichel.fr"; dns.query; content:"dns.groupesaintmichel.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27994534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4534, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gw1.dns.haynetwork.id"; dns.query; content:"gw1.dns.haynetwork.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27994535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4535, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.webfork.in"; dns.query; content:"dns.webfork.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27994536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4536, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filter.myaddr.io"; dns.query; content:"filter.myaddr.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27994537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4537, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maincloud.ir"; dns.query; content:"maincloud.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27994538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4538, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.mihanentalpo.me"; dns.query; content:"agh.mihanentalpo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27994539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4539, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.weisbrod.me"; dns.query; content:"home.weisbrod.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27994540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4540, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardpi.duckdns.org"; dns.query; content:"adguardpi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4541, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d1c5e600.duckdns.org"; dns.query; content:"d1c5e600.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4542, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for morgenegg.duckdns.org"; dns.query; content:"morgenegg.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4543, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for moidns.hopto.org"; dns.query; content:"moidns.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4544, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for joshberg.org"; dns.query; content:"joshberg.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27994545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4545, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bobr.netphoenix.ru"; dns.query; content:"bobr.netphoenix.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4546, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shrike.ru"; dns.query; content:"dns.shrike.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27994547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4547, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.bse4792.site"; dns.query; content:"adguard.bse4792.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27994548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4548, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cryptd.space"; dns.query; content:"cryptd.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27994549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4549, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.beerloga.su"; dns.query; content:"cloud.beerloga.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27994550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4550, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yukito.duanzx.top"; dns.query; content:"yukito.duanzx.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27994551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4551, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for host.jerry-lee.uk"; dns.query; content:"host.jerry-lee.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27994552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4552, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ghkyzz.us"; dns.query; content:"adguard.ghkyzz.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27994553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4553, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdns.zakaria.website"; dns.query; content:"sdns.zakaria.website"; nocase; fast_pattern; classtype:bad-unknown; sid:27994554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4554, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.hu10us22.win"; dns.query; content:"dns3.hu10us22.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27994555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4555, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tyo.883933770.xyz"; dns.query; content:"tyo.883933770.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4556, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.890806.xyz"; dns.query; content:"dns.890806.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4557, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.altgr.xyz"; dns.query; content:"adguard.altgr.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4558, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mysolod.xyz"; dns.query; content:"mysolod.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27994559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4559, updated_at 2025_05_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frd4wvnobp.cloudflare-gateway.com"; dns.query; content:"frd4wvnobp.cloudflare-gateway.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27994560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4560, updated_at 2025_05_22;)