# (o)DoH server list (DNS entries).
# See https://jpgpi250.github.io/piholemanual/doc/Block%20DOH%20with%20pfsense.pdf
#
# Last updated: 2023-11-28 03:24:44 (UTC)
# MD5 checksum file available.
#
# SID reservations: https://sidallocation.org/
# GitHub: https://github.com/sidallocation/sidallocation.org
#
# Report issues with this list at https://github.com/jpgpi250/piholemanual/issues
# Use SID Management to disable specific entries.
#
# Terms of Services (ToS)
# By using the datasets, you agree that:
#   The datasets can be used for both, commercial and non-commercial purpose without any limitations (CC0 - No Rights Reserved)
#   Data offered is served as it is on best effort
#   I (jpgpi250) can not be held liable for any false positive or damage caused by the use of the datasets offered.
#
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.google"; dns.query; content:"dns.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 0, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflare-dns.com"; dns.query; content:"cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns9.quad9.net"; dns.query; content:"dns9.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns10.quad9.net"; dns.query; content:"dns10.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cleanbrowsing.org"; dns.query; content:"doh.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnsoverhttps.net"; dns.query; content:"dns.dnsoverhttps.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.crypto.sx"; dns.query; content:"doh.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.powerdns.org"; dns.query; content:"doh.powerdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-jp.blahdns.com"; dns.query; content:"doh-jp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 8, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dns-over-https.com"; dns.query; content:"dns.dns-over-https.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 9, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.securedns.eu"; dns.query; content:"doh.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 10, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rubyfish.cn"; dns.query; content:"dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 11, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnswarden.com"; dns.query; content:"doh.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 12, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.captnemo.in"; dns.query; content:"doh.captnemo.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 13, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiar.app"; dns.query; content:"doh.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 14, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaflalo.me"; dns.query; content:"dns.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 15, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-nyc.aaflalo.me"; dns.query; content:"dns-nyc.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 16, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard.com"; dns.query; content:"dns.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 17, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-family.adguard.com"; dns.query; content:"dns-family.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 18, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alekberg.net"; dns.query; content:"dns.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 19, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.alekberg.net"; dns.query; content:"dns2.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 20, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsse.alekberg.net"; dns.query; content:"dnsse.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 21, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alidns.com"; dns.query; content:"dns.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 22, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aa.net.uk"; dns.query; content:"dns.aa.net.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 23, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.42l.fr"; dns.query; content:"doh.42l.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 24, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohtrial.att.net"; dns.query; content:"dohtrial.att.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 25, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-fi.blahdns.com"; dns.query; content:"doh-fi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 26, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-de.blahdns.com"; dns.query; content:"doh-de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 28, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-sg.blahdns.com"; dns.query; content:"doh-sg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 29, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brahma.world"; dns.query; content:"dns.brahma.world"; nocase; fast_pattern; classtype:bad-unknown; sid:27990030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 30, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private.canadianshield.cira.ca"; dns.query; content:"private.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 31, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for protected.canadianshield.cira.ca"; dns.query; content:"protected.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 32, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.canadianshield.cira.ca"; dns.query; content:"family.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 33, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.opendns.com"; dns.query; content:"doh.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 35, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.familyshield.opendns.com"; dns.query; content:"doh.familyshield.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 36, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family-filter-dns.cleanbrowsing.org"; dns.query; content:"family-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 37, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adult-filter-dns.cleanbrowsing.org"; dns.query; content:"adult-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 38, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security-filter-dns.cleanbrowsing.org"; dns.query; content:"security-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 39, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for one.one.one.one"; dns.query; content:"one.one.one.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 41, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mozilla.cloudflare-dns.com"; dns.query; content:"mozilla.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 42, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1dot1dot1dot1.cloudflare-dns.com"; dns.query; content:"1dot1dot1dot1.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 43, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns64.cloudflare-dns.com"; dns.query; content:"dns64.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 45, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security.cloudflare-dns.com"; dns.query; content:"security.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 46, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.cloudflare-dns.com"; dns.query; content:"family.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 47, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xfinity.com"; dns.query; content:"doh.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 48, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.recursive.dnsbycomodo.com"; dns.query; content:"ns1.recursive.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 49, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.recursive.dnsbycomodo.com"; dns.query; content:"ns2.recursive.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 50, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for commons.host"; dns.query; content:"commons.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27990048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 51, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.containerpi.com"; dns.query; content:"dns.containerpi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 52, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohdot.coxlab.net"; dns.query; content:"dohdot.coxlab.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 53, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ipv6.crypto.sx"; dns.query; content:"doh-ipv6.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 55, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitale-gesellschaft.ch"; dns.query; content:"dns.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 56, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.li"; dns.query; content:"doh.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 57, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.dnscrypt.ca"; dns.query; content:"dns1.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 58, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.dnscrypt.ca"; dns.query; content:"dns2.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 59, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsforge.de"; dns.query; content:"dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 60, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnshome.de"; dns.query; content:"dns.dnshome.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 61, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnslify.com"; dns.query; content:"doh.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 62, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.ns.dnslify.com"; dns.query; content:"a.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 63, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.ns.dnslify.com"; dns.query; content:"b.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 64, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.safe.ns.dnslify.com"; dns.query; content:"a.safe.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 65, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.safe.ns.dnslify.com"; dns.query; content:"b.safe.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 66, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.family.ns.dnslify.com"; dns.query; content:"a.family.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 67, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.family.ns.dnslify.com"; dns.query; content:"b.family.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 68, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.seby.io"; dns.query; content:"doh.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 69, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-2.seby.io"; dns.query; content:"doh-2.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 70, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.sb"; dns.query; content:"doh.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 71, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.dyndnsinternetguide.com"; dns.query; content:"resolver1.dyndnsinternetguide.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 72, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.dyndnsinternetguide.com"; dns.query; content:"resolver2.dyndnsinternetguide.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 73, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ffmuc.net"; dns.query; content:"doh.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 74, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.applied-privacy.net"; dns.query; content:"doh.applied-privacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 75, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.233py.com"; dns.query; content:"dns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 76, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.233py.com"; dns.query; content:"i.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 77, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wdns.233py.com"; dns.query; content:"wdns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 78, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ndns.233py.com"; dns.query; content:"ndns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 79, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdns.233py.com"; dns.query; content:"sdns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 80, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for google-public-dns-a.google.com"; dns.query; content:"google-public-dns-a.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 82, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for google-public-dns-b.google.com"; dns.query; content:"google-public-dns-b.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 83, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns64.dns.google"; dns.query; content:"dns64.dns.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 84, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hostux.net"; dns.query; content:"dns.hostux.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 85, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ibuki.cgnat.net"; dns.query; content:"ibuki.cgnat.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 86, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ibksturm.synology.me"; dns.query; content:"ibksturm.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 87, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jcdns.fun"; dns.query; content:"jcdns.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 88, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver-eu.lelux.fi"; dns.query; content:"resolver-eu.lelux.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 89, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.libredns.gr"; dns.query; content:"doh.libredns.gr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 90, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mrkaran.dev"; dns.query; content:"dns.mrkaran.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 91, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nextdns.io"; dns.query; content:"dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 93, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.any.dns.nixnet.xyz"; dns.query; content:"uncensored.any.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 94, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.any.dns.nixnet.xyz"; dns.query; content:"adblock.any.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 95, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.lv1.dns.nixnet.xyz"; dns.query; content:"uncensored.lv1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 96, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.lv1.dns.nixnet.xyz"; dns.query; content:"adblock.lv1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 97, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.ny1.dns.nixnet.xyz"; dns.query; content:"uncensored.ny1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 98, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.ny1.dns.nixnet.xyz"; dns.query; content:"adblock.ny1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 99, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.lux1.dns.nixnet.xyz"; dns.query; content:"uncensored.lux1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 100, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.lux1.dns.nixnet.xyz"; dns.query; content:"adblock.lux1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 101, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.opendns.com"; dns.query; content:"resolver1.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 102, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.opendns.com"; dns.query; content:"resolver2.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 103, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1-fs.opendns.com"; dns.query; content:"resolver1-fs.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 104, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2-fs.opendns.com"; dns.query; content:"resolver2-fs.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 105, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.ipv6-sandbox.opendns.com"; dns.query; content:"resolver1.ipv6-sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 106, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.ipv6-sandbox.opendns.com"; dns.query; content:"resolver2.ipv6-sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 107, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oszx.co"; dns.query; content:"dns.oszx.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27990102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 108, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pumplex.com"; dns.query; content:"dns.pumplex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 109, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.centraleu.pi-dns.com"; dns.query; content:"doh.centraleu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 110, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.northeu.pi-dns.com"; dns.query; content:"doh.northeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 111, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.westus.pi-dns.com"; dns.query; content:"doh.westus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 112, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastus.pi-dns.com"; dns.query; content:"doh.eastus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 113, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quad9.net"; dns.query; content:"dns.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 115, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns11.quad9.net"; dns.query; content:"dns11.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 118, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rpz-public-resolver1.rrdns.pch.net"; dns.query; content:"rpz-public-resolver1.rrdns.pch.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 119, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-nosec.quad9.net"; dns.query; content:"dns-nosec.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 120, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.twnic.tw"; dns.query; content:"dns.twnic.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 121, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v6.rubyfish.cn"; dns.query; content:"v6.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 122, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ea-dns.rubyfish.cn"; dns.query; content:"ea-dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 124, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uw-dns.rubyfish.cn"; dns.query; content:"uw-dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 125, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads-doh.securedns.eu"; dns.query; content:"ads-doh.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 127, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi.doh.dns.snopyta.org"; dns.query; content:"fi.doh.dns.snopyta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 128, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.switch.ch"; dns.query; content:"dns.switch.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 129, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiarap.org"; dns.query; content:"doh.tiarap.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 131, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.tiar.app"; dns.query; content:"jp.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 132, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.tiarap.org"; dns.query; content:"jp.tiarap.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 133, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.t53.de"; dns.query; content:"dns.t53.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 134, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.appliedprivacy.net"; dns.query; content:"doh.appliedprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 137, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public.dns.iij.jp"; dns.query; content:"public.dns.iij.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27990124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 138, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.gridns.xyz"; dns.query; content:"jp.gridns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 139, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flatuslifir.is"; dns.query; content:"dns.flatuslifir.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27990126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 140, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odvr.nic.cz"; dns.query; content:"odvr.nic.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 141, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rumpelsepp.org"; dns.query; content:"rumpelsepp.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 142, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ordns.he.net"; dns.query; content:"ordns.he.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 143, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdns.faelix.net"; dns.query; content:"rdns.faelix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 144, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfree.usableprivacy.net"; dns.query; content:"adfree.usableprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 145, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.233py.com.a.bdydns.com"; dns.query; content:"i.233py.com.a.bdydns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 148, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opencdn.jomodns.com"; dns.query; content:"opencdn.jomodns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 149, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.233py.com.cdn.cloudflare.net"; dns.query; content:"dns.233py.com.cdn.cloudflare.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 151, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edns.233py.com"; dns.query; content:"edns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 152, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-gcp.aaflalo.me"; dns.query; content:"dns-gcp.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 156, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.in.ahadns.net"; dns.query; content:"doh.in.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 161, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nl.ahadns.net"; dns.query; content:"doh.nl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 162, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.us.ahadns.net"; dns.query; content:"doh.us.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 163, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnses.alekberg.net"; dns.query; content:"dnses.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 166, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnl.alekberg.net"; dns.query; content:"dnsnl.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 167, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.armadillodns.net"; dns.query; content:"doh.armadillodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 172, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blahdns.com"; dns.query; content:"blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 174, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.blahdns.com"; dns.query; content:"doh.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 175, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ch.blahdns.com"; dns.query; content:"doh-ch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 176, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.blockerdns.com"; dns.query; content:"doh.blockerdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 180, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for free.bravedns.com"; dns.query; content:"free.bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 182, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bravedns.com"; dns.query; content:"bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 183, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for canadianshield.cira.ca"; dns.query; content:"canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 186, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudflare.com"; dns.query; content:"dns.cloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 190, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cmrg.net"; dns.query; content:"dns.cmrg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 196, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jit.ddns.net"; dns.query; content:"jit.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 201, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.defaultroutes.de"; dns.query; content:"doh.defaultroutes.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 202, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.developer.li"; dns.query; content:"dns.developer.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 203, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.developer.li"; dns.query; content:"dns2.developer.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 204, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.digitale-gesellschaft.ch"; dns.query; content:"dns1.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 206, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.digitale-gesellschaft.ch"; dns.query; content:"dns2.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 207, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public-dns-a.dns.sb"; dns.query; content:"public-dns-a.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 215, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public-dns-b.dns.sb"; dns.query; content:"public-dns-b.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 216, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock-dot.dnswarden.com"; dns.query; content:"adblock-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 222, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adult-filter-dot.dnswarden.com"; dns.query; content:"adult-filter-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 223, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ecs-doh.dnswarden.com"; dns.query; content:"ecs-doh.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 225, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored-dot.dnswarden.com"; dns.query; content:"uncensored-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 226, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.google.com"; dns.query; content:"dns.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 231, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.gridns.xyz"; dns.query; content:"sg.gridns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 235, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.dns.lavate.ch"; dns.query; content:"us1.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 240, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu1.dns.lavate.ch"; dns.query; content:"eu1.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 241, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.libredns.org"; dns.query; content:"doh.libredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 243, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.mydns.network"; dns.query; content:"adblock.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 245, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neutopia.org"; dns.query; content:"dns.neutopia.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 246, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.netweaver.uk"; dns.query; content:"doh.netweaver.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 248, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nextdns.io"; dns.query; content:"dns1.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 250, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nextdns.io"; dns.query; content:"dns2.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 251, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nixnet.xyz"; dns.query; content:"dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 253, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv1.nixnet.xyz"; dns.query; content:"lv1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 254, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny1.nixnet.xyz"; dns.query; content:"ny1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 255, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux1.nixnet.xyz"; dns.query; content:"lux1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 256, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pi-dns.com"; dns.query; content:"doh.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 265, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastas.pi-dns.com"; dns.query; content:"doh.eastas.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 267, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastau.pi-dns.com"; dns.query; content:"doh.eastau.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 268, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.westeu.pi-dns.com"; dns.query; content:"doh.westeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 271, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls.sinodun.com"; dns.query; content:"dnsovertls.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 288, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls1.sinodun.com"; dns.query; content:"dnsovertls1.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 289, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wugui.zone"; dns.query; content:"dns.wugui.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 299, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-asia.wugui.zone"; dns.query; content:"dns-asia.wugui.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 300, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.gslb2.xfinity.com"; dns.query; content:"doh.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 302, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.gandi.net"; dns.query; content:"dns.api.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 303, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.globus.org"; dns.query; content:"dns.api.globus.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 304, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.integration.globuscs.info"; dns.query; content:"dns.api.integration.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 305, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.preview.globus.org"; dns.query; content:"dns.api.preview.globus.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 306, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.rackspacecloud.com"; dns.query; content:"dns.api.rackspacecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 307, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.sandbox.globuscs.info"; dns.query; content:"dns.api.sandbox.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 308, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.staging.globuscs.info"; dns.query; content:"dns.api.staging.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 309, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.test.globuscs.info"; dns.query; content:"dns.api.test.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 310, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.beta.gandi.net"; dns.query; content:"dns.beta.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 311, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudfiction.eu"; dns.query; content:"dns.cloudfiction.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 312, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eu-frankfurt-1.oraclecloud.com"; dns.query; content:"dns.eu-frankfurt-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 314, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.islandnet.com"; dns.query; content:"dns.islandnet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 316, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.onp.cloud"; dns.query; content:"dns.onp.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 317, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tuna.tsinghua.edu.cn"; dns.query; content:"dns.tuna.tsinghua.edu.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 319, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uk-london-1.oraclecloud.com"; dns.query; content:"dns.uk-london-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 320, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-ashburn-1.oraclecloud.com"; dns.query; content:"dns.us-ashburn-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 321, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-phoenix-1.oraclecloud.com"; dns.query; content:"dns.us-phoenix-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 322, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.dnswarden.com"; dns.query; content:"doh1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 343, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.dnswarden.com"; dns.query; content:"doh2.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 344, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1001.cloudflare-dns.com"; dns.query; content:"1001.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 361, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1111.cloudflare-dns.com"; dns.query; content:"1111.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 362, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azure.cloudflare-dns.com"; dns.query; content:"azure.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 365, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chrome.cloudflare-dns.com"; dns.query; content:"chrome.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 366, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opera.cloudflare-dns.com"; dns.query; content:"opera.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 368, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tor.cloudflare-dns.com"; dns.query; content:"tor.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 369, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 8888.google"; dns.query; content:"8888.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 373, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns12.quad9.net"; dns.query; content:"dns12.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 379, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trr.dns.nextdns.io"; dns.query; content:"trr.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 383, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.xfinity.com"; dns.query; content:"dot.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 395, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.la.ahadns.net"; dns.query; content:"doh.la.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 436, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ny.ahadns.net"; dns.query; content:"doh.ny.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 437, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for example.doh.blockerdns.com"; dns.query; content:"example.doh.blockerdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 448, updated_at 2022_09_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-01.spectrum.com"; dns.query; content:"doh-01.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 452, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-02.spectrum.com"; dns.query; content:"doh-02.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 453, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moulticast.net"; dns.query; content:"dns.moulticast.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 492, updated_at 2022_08_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitalegesellschaft.ch"; dns.query; content:"dns.digitalegesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 522, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.cloudflaredns.com"; dns.query; content:"family.cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 525, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohsg.blahdns.com"; dns.query; content:"dohsg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 527, updated_at 2021_08_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohipv6.crypto.sx"; dns.query; content:"dohipv6.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 531, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdohnosafesearch.dnsforfamily.com"; dns.query; content:"dnsdohnosafesearch.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 540, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.yepdns.com"; dns.query; content:"sg.yepdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 543, updated_at 2021_09_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.njal.la"; dns.query; content:"dns.njal.la"; nocase; fast_pattern; classtype:bad-unknown; sid:27990228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 544, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.seby.io"; dns.query; content:"doh2.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 546, updated_at 2023_10_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohjp.blahdns.com"; dns.query; content:"dohjp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 547, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bortzmeyer.fr"; dns.query; content:"doh.bortzmeyer.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 549, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uwdns.rubyfish.cn"; dns.query; content:"uwdns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 554, updated_at 2021_05_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohde.blahdns.com"; dns.query; content:"dohde.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 555, updated_at 2022_11_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.arapurayil.com"; dns.query; content:"dns.arapurayil.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 556, updated_at 2021_12_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnyc.aaflalo.me"; dns.query; content:"dnsnyc.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 557, updated_at 2021_03_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdoh.dnsforfamily.com"; dns.query; content:"dnsdoh.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 559, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security.cloudflaredns.com"; dns.query; content:"security.cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 561, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ryanpalmer.com"; dns.query; content:"dns1.ryanpalmer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 564, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chewbacca.meganerd.nl"; dns.query; content:"chewbacca.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 568, updated_at 2023_09_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.circl.lu"; dns.query; content:"dns.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 569, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsfamily.adguard.com"; dns.query; content:"dnsfamily.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 573, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.linuxsec.org"; dns.query; content:"doh.linuxsec.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 577, updated_at 2021_09_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eadns.rubyfish.cn"; dns.query; content:"eadns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 579, updated_at 2021_05_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohfi.blahdns.com"; dns.query; content:"dohfi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 580, updated_at 2023_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.therifleman.name"; dns.query; content:"dns.therifleman.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27990245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 582, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.this.web.id"; dns.query; content:"doh.this.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 584, updated_at 2021_10_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1dot1dot1dot1.cloudflaredns.com"; dns.query; content:"1dot1dot1dot1.cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 585, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohch.blahdns.com"; dns.query; content:"dohch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 589, updated_at 2022_11_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pub"; dns.query; content:"doh.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 591, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ibr.cs.tu-bs.de"; dns.query; content:"doh.ibr.cs.tu-bs.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 604, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eieidns.com"; dns.query; content:"doh.eieidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 605, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.de.blahdns.com"; dns.query; content:"doh.de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 607, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bugdns.com"; dns.query; content:"doh.bugdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 609, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datt.pw"; dns.query; content:"doh.datt.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 610, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ntu.ssooss.win"; dns.query; content:"doh.ntu.ssooss.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 611, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.qis.io"; dns.query; content:"doh.qis.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 614, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.360.cn"; dns.query; content:"doh.360.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 640, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.233py.com"; dns.query; content:"doh.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 642, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaitain.restena.lu"; dns.query; content:"kaitain.restena.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 687, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pub"; dns.query; content:"dns.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 689, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.decloudus.com"; dns.query; content:"dns.decloudus.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 698, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ryan-palmer.com"; dns.query; content:"dns1.ryan-palmer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 742, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.east.comss.one"; dns.query; content:"dns.east.comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 753, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.comss.one"; dns.query; content:"dns.comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 754, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-unfiltered.adguard.com"; dns.query; content:"dns-unfiltered.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 756, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pl.ahadns.net"; dns.query; content:"doh.pl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 853, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.it.ahadns.net"; dns.query; content:"doh.it.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 854, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.es.ahadns.net"; dns.query; content:"doh.es.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 855, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.no.ahadns.net"; dns.query; content:"doh.no.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 856, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.chi.ahadns.net"; dns.query; content:"doh.chi.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 857, updated_at 2022_07_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.au.ahadns.net"; dns.query; content:"doh.au.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 858, updated_at 2022_07_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.post-factum.tk"; dns.query; content:"doh.post-factum.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 859, updated_at 2022_03_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.postfactum.tk"; dns.query; content:"doh.postfactum.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 860, updated_at 2022_03_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.telekom.de"; dns.query; content:"dns.telekom.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 862, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.doh.my.id"; dns.query; content:"doh.doh.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 866, updated_at 2021_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.kutu.my.id"; dns.query; content:"doh.kutu.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 867, updated_at 2021_04_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id.terra.my.id"; dns.query; content:"id.terra.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 868, updated_at 2021_04_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asia.dnscepat.id"; dns.query; content:"asia.dnscepat.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 869, updated_at 2021_03_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edgy.network"; dns.query; content:"dns.edgy.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 870, updated_at 2022_02_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freedom.mydns.network"; dns.query; content:"freedom.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 871, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for draco.plan9ns2.com"; dns.query; content:"draco.plan9ns2.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 872, updated_at 2022_06_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hydra.plan9ns1.com"; dns.query; content:"hydra.plan9ns1.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 874, updated_at 2021_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.post-factum.tk"; dns.query; content:"dns.post-factum.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 877, updated_at 2022_05_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freedns.controld.com"; dns.query; content:"freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 882, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.abmb.win"; dns.query; content:"doh.abmb.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 885, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.abmb.win"; dns.query; content:"doh2.abmb.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 886, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.nl.ahadns.net"; dns.query; content:"dot.nl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 895, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.in.ahadns.net"; dns.query; content:"dot.in.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 896, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.la.ahadns.net"; dns.query; content:"dot.la.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 897, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ny.ahadns.net"; dns.query; content:"dot.ny.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 898, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pl.ahadns.net"; dns.query; content:"dot.pl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 899, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.it.ahadns.net"; dns.query; content:"dot.it.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 900, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.es.ahadns.net"; dns.query; content:"dot.es.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 901, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.no.ahadns.net"; dns.query; content:"dot.no.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 902, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.chi.ahadns.net"; dns.query; content:"dot.chi.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 903, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.au.ahadns.net"; dns.query; content:"dot.au.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 904, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot1.applied-privacy.net"; dns.query; content:"dot1.applied-privacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 905, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.blahdns.com"; dns.query; content:"doh1.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 906, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.b-cdn.net"; dns.query; content:"doh1.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 907, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.blahdns.com"; dns.query; content:"doh2.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 908, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.b-cdn.net"; dns.query; content:"doh2.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 909, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-ch.blahdns.com"; dns.query; content:"dot-ch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 910, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflare-gateway.com"; dns.query; content:"cloudflare-gateway.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 914, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.faelix.net"; dns.query; content:"pdns.faelix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 925, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jarjar.meganerd.nl"; dns.query; content:"jarjar.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 926, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sandbox.opendns.com"; dns.query; content:"doh.sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 928, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.seby.io"; dns.query; content:"dot.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 929, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.dns.seby.io"; dns.query; content:"2.dnscrypt-cert.dns.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 930, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fdns1.dismail.de"; dns.query; content:"fdns1.dismail.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 932, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fdns2.dismail.de"; dns.query; content:"fdns2.dismail.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 933, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.censurfridns.dk"; dns.query; content:"anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 934, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.censurfridns.dk"; dns.query; content:"deic-lgb.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 935, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.censurfridns.dk"; dns.query; content:"deic-ore.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 936, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.censurfridns.dk"; dns.query; content:"kracon.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 937, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.censurfridns.dk"; dns.query; content:"rgnet-iad.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 938, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.censurfridns.dk"; dns.query; content:"unicast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 939, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.uncensoreddns.org"; dns.query; content:"anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 940, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.uncensoreddns.org"; dns.query; content:"deic-lgb.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 941, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.uncensoreddns.org"; dns.query; content:"deic-ore.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 942, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.uncensoreddns.org"; dns.query; content:"kracon.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 943, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.uncensoreddns.org"; dns.query; content:"rgnet-iad.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 944, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.uncensoreddns.org"; dns.query; content:"unicast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 945, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.doh.mullvad.net"; dns.query; content:"adblock.doh.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 946, updated_at 2023_08_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mullvad.net"; dns.query; content:"doh.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 947, updated_at 2023_08_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for basic.bravedns.com"; dns.query; content:"basic.bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 951, updated_at 2021_07_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.blokada.org"; dns.query; content:"dns.blokada.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 975, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.umbrella.comu"; dns.query; content:"doh.umbrella.comu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 976, updated_at 2021_04_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.umbrella.com"; dns.query; content:"doh.umbrella.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 977, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hydra.plan9-ns1.com"; dns.query; content:"hydra.plan9-ns1.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 980, updated_at 2022_08_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for draco.plan9-ns2.com"; dns.query; content:"draco.plan9-ns2.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 981, updated_at 2022_08_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.emeraldonion.org"; dns.query; content:"dns.emeraldonion.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 983, updated_at 2021_06_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rethinkdns.com"; dns.query; content:"rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 987, updated_at 2021_08_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sb"; dns.query; content:"doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 993, updated_at 2023_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnlnoads.alekberg.net"; dns.query; content:"dnsnlnoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 994, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.adhole.org"; dns.query; content:"uk.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 995, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.adhole.org"; dns.query; content:"de.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 996, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.adhole.org"; dns.query; content:"sg.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 997, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-central.adhole.org"; dns.query; content:"us-central.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 998, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-east.adhole.org"; dns.query; content:"us-east.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 999, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wevpn.com"; dns.query; content:"dns.wevpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1010, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-weblock.wevpn.com"; dns.query; content:"dns-weblock.wevpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1011, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for basic.rethinkdns.com"; dns.query; content:"basic.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1012, updated_at 2023_11_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnscrypt.uk"; dns.query; content:"doh.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1014, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v.dnscrypt.uk"; dns.query; content:"v.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1017, updated_at 2023_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic.i2pd.xyz"; dns.query; content:"opennic.i2pd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1020, updated_at 2022_05_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-fi.blahdns.com"; dns.query; content:"dot-fi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1026, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-de.blahdns.com"; dns.query; content:"dot-de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1027, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-jp.blahdns.com"; dns.query; content:"dot-jp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1028, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-sg.blahdns.com"; dns.query; content:"dot-sg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1029, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ffmuc.net"; dns.query; content:"dot.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1031, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.libredns.gr.com"; dns.query; content:"dot.libredns.gr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1032, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.securedns.eu"; dns.query; content:"dot.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1033, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls2.sinodun.com"; dns.query; content:"dnsovertls2.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1034, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls3.sinodun.com"; dns.query; content:"dnsovertls3.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1035, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi.dot.dns.snopyta.org"; dns.query; content:"fi.dot.dns.snopyta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1036, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.tiar.app"; dns.query; content:"dot.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1037, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-doh.dnsforfamily.com"; dns.query; content:"dns-doh.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1040, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-dot.dnsforfamily.com"; dns.query; content:"dns-dot.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1041, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cfiec.net"; dns.query; content:"dns.cfiec.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1042, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eropa.dnscepat.id"; dns.query; content:"eropa.dnscepat.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1044, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.360.cn"; dns.query; content:"dot.360.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1046, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pub"; dns.query; content:"dot.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1049, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for getdnsapi.net"; dns.query; content:"getdnsapi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1051, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.larsdebruin.net"; dns.query; content:"dns.larsdebruin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1052, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-tls.bitwiseshift.net"; dns.query; content:"dns-tls.bitwiseshift.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1053, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.dnsprivacy.at"; dns.query; content:"ns1.dnsprivacy.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1054, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.dnsprivacy.at"; dns.query; content:"ns2.dnsprivacy.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1055, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitgeek.in"; dns.query; content:"dns.bitgeek.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1056, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privacydns.go6lab.si"; dns.query; content:"privacydns.go6lab.si"; nocase; fast_pattern; classtype:bad-unknown; sid:27990369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1057, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsotls.lab.nic.cl"; dns.query; content:"dnsotls.lab.nic.cl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1058, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls-dns-u.odvr.dns-oarc.net"; dns.query; content:"tls-dns-u.odvr.dns-oarc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1059, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.centraleu.pi-dns.com"; dns.query; content:"dot.centraleu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1060, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.northeu.pi-dns.com"; dns.query; content:"dot.northeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1061, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.westus.pi-dns.com"; dns.query; content:"dot.westus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1062, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastus.pi-dns.com"; dns.query; content:"dot.eastus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1063, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastau.pi-dns.com"; dns.query; content:"dot.eastau.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1064, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastas.pi-dns.com"; dns.query; content:"dot.eastas.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1065, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p0.freedns.controld.com"; dns.query; content:"p0.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1068, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p1.freedns.controld.com"; dns.query; content:"p1.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1069, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p2.freedns.controld.com"; dns.query; content:"p2.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1070, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p3.freedns.controld.com"; dns.query; content:"p3.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1071, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver4.dns.openinternet.io"; dns.query; content:"resolver4.dns.openinternet.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1075, updated_at 2021_09_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com"; dns.query; content:"doh.dns.apple.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1076, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for query.hdns.io"; dns.query; content:"query.hdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1086, updated_at 2022_06_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl.yepdns.com"; dns.query; content:"pl.yepdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1087, updated_at 2021_11_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.passcloud.xyz"; dns.query; content:"a.passcloud.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1088, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.passcloud.xyz"; dns.query; content:"i.passcloud.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1089, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns13.quad9.net"; dns.query; content:"dns13.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1091, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.cox.net"; dns.query; content:"dot.cox.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1094, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cox.net"; dns.query; content:"doh.cox.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1095, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sb"; dns.query; content:"dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1096, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chromium.dns.nextdns.io"; dns.query; content:"chromium.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1098, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.quickline.ch"; dns.query; content:"doh.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1099, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for firefox.dns.nextdns.io"; dns.query; content:"firefox.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1280, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-h2.icloud.com"; dns.query; content:"mask-h2.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1298, updated_at 2021_09_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask.icloud.com"; dns.query; content:"mask.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1299, updated_at 2021_09_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for steering.nextdns.io"; dns.query; content:"steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1332, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doh.my.id"; dns.query; content:"dns.doh.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1351, updated_at 2021_12_08;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscache.e-utp.net"; dns.query; content:"dnscache.e-utp.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1352, updated_at 2023_03_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.asia.dnswarden.com"; dns.query; content:"doh.asia.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1353, updated_at 2022_07_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eu.dnswarden.com"; dns.query; content:"doh.eu.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1354, updated_at 2022_07_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.us.dnswarden.com"; dns.query; content:"doh.us.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1355, updated_at 2022_07_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscache.eutp.net"; dns.query; content:"dnscache.eutp.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1359, updated_at 2023_03_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitz.ahadns.com"; dns.query; content:"blitz.ahadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1360, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bebasid.com"; dns.query; content:"dns.bebasid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1371, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.ipv6.dnscrypt.ca"; dns.query; content:"dns2.ipv6.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1375, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ipv6.dnscrypt.ca"; dns.query; content:"dns1.ipv6.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1377, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitalsize.net"; dns.query; content:"dns.digitalsize.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1379, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsesnoads.alekberg.net"; dns.query; content:"dnsesnoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1381, updated_at 2022_06_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssenoads.alekberg.net"; dns.query; content:"dnssenoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1382, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.safesurfer.io"; dns.query; content:"doh.safesurfer.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1385, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for puredns.org"; dns.query; content:"puredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1386, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsunfiltered.adguard.com"; dns.query; content:"dnsunfiltered.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1387, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycsast.dns.nextdns.io"; dns.query; content:"anycsast.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1388, updated_at 2022_06_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns-push.heytapmobile.com"; dns.query; content:"httpdns-push.heytapmobile.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1390, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitz-setup.ahadns.com"; dns.query; content:"blitz-setup.ahadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1394, updated_at 2023_11_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.dns.nextdns.io"; dns.query; content:"anycast.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1403, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.puredns.org"; dns.query; content:"family.puredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1404, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.disconnect.app"; dns.query; content:"doh.disconnect.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1405, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for helios.plan9dns.com"; dns.query; content:"helios.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1406, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pluton.plan9dns.com"; dns.query; content:"pluton.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1407, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kronos.plan9dns.com"; dns.query; content:"kronos.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1408, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnswarden.com"; dns.query; content:"dns.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1414, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr1.dnswarden.com"; dns.query; content:"fr1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1415, updated_at 2022_09_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ind1.dnswarden.com"; dns.query; content:"ind1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1416, updated_at 2022_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg1.dnswarden.com"; dns.query; content:"sg1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1417, updated_at 2022_09_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.dnswarden.com"; dns.query; content:"us1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1418, updated_at 2022_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-doh-no-safe-search.dnsforfamily.com"; dns.query; content:"dns-doh-no-safe-search.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1423, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cube.neubsi.at"; dns.query; content:"cube.neubsi.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1492, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neubsi.at"; dns.query; content:"dns.neubsi.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1493, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.belnet.be"; dns.query; content:"dns.belnet.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27990431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1494, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datahata.by"; dns.query; content:"doh.datahata.by"; nocase; fast_pattern; classtype:bad-unknown; sid:27990432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1495, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu2.dns.lavate.ch"; dns.query; content:"eu2.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1505, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quickline.ch"; dns.query; content:"dns.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1507, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.quickline.ch"; dns.query; content:"dns1.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1508, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.quickline.ch"; dns.query; content:"dns2.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1509, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.quickline.ch"; dns.query; content:"dot.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1511, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 360.233py.com"; dns.query; content:"360.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1514, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alternate-dns.com"; dns.query; content:"dns.alternate-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1522, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.arekjatim.com"; dns.query; content:"doh.arekjatim.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1523, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for france.beatquantum.com"; dns.query; content:"france.beatquantum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1524, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.beatquantum.com"; dns.query; content:"uk.beatquantum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1525, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usa.beatquantum.com"; dns.query; content:"usa.beatquantum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1526, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bt.com"; dns.query; content:"doh.bt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1537, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cubedns.com"; dns.query; content:"cubedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1547, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsenc.com"; dns.query; content:"dnsenc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1549, updated_at 2023_08_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for easyhandshake.com"; dns.query; content:"easyhandshake.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1558, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.noaddns.com"; dns.query; content:"resolver.noaddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1559, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for helios.plan9-dns.com"; dns.query; content:"helios.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1562, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kronos.plan9-dns.com"; dns.query; content:"kronos.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1563, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pluton.plan9-dns.com"; dns.query; content:"pluton.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1564, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.scapetical.com"; dns.query; content:"dns.scapetical.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1570, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns03.dns.tin-fan.com"; dns.query; content:"ns03.dns.tin-fan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1573, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jabber-germany.de"; dns.query; content:"jabber-germany.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1580, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.jabber-germany.de"; dns.query; content:"www.jabber-germany.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1581, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for masters-of-cloud.de"; dns.query; content:"masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1582, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.masters-of-cloud.de"; dns.query; content:"www.masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1583, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.morbitzer.de"; dns.query; content:"www.morbitzer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1584, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mertcan.dev"; dns.query; content:"dns.mertcan.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1586, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ndo.dev"; dns.query; content:"dns.ndo.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1587, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1-doh.iriseden.fr"; dns.query; content:"ns1-doh.iriseden.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1591, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2-doh.iriseden.fr"; dns.query; content:"ns2-doh.iriseden.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1592, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gi.co.id"; dns.query; content:"dns.gi.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1597, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for please.dontsteal.my.id"; dns.query; content:"please.dontsteal.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1598, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.iucc.ac.il"; dns.query; content:"doh.iucc.ac.il"; nocase; fast_pattern; classtype:bad-unknown; sid:27990465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1599, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.micronets.in"; dns.query; content:"doh.micronets.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1600, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bld.sys-adm.in"; dns.query; content:"bld.sys-adm.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1601, updated_at 2023_05_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lv"; dns.query; content:"doh.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1615, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nic.lv"; dns.query; content:"doh.nic.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1616, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnl-noads.alekberg.net"; dns.query; content:"dnsnl-noads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1631, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsse-noads.alekberg.net"; dns.query; content:"dnsse-noads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1633, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.as203038.net"; dns.query; content:"resolver.as203038.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1636, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dos.bytetel.net"; dns.query; content:"dos.bytetel.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1638, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yarp.lefolgoc.net"; dns.query; content:"yarp.lefolgoc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1649, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.r0cket.net"; dns.query; content:"resolver.r0cket.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1658, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.us1.segurodns.net"; dns.query; content:"doh.us1.segurodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1659, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ans2.tdnszone.net"; dns.query; content:"ans2.tdnszone.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1660, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ipoac.nl"; dns.query; content:"ipoac.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1664, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anydoh.sidnlabs.nl"; dns.query; content:"anydoh.sidnlabs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1666, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sidnlabs.nl"; dns.query; content:"doh.sidnlabs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1667, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.artikel10.org"; dns.query; content:"dns.artikel10.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1668, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.syshero.org"; dns.query; content:"doh.syshero.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1677, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.neowutran.ovh"; dns.query; content:"doh.neowutran.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1682, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xcom.pro"; dns.query; content:"doh.xcom.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27990484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1683, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.anonymous.pw"; dns.query; content:"dns.anonymous.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1685, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd.doh.sb"; dns.query; content:"au-syd.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1688, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyc.doh.sb"; dns.query; content:"ca-yyc.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1689, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-dus.doh.sb"; dns.query; content:"de-dus.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1690, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fra.doh.sb"; dns.query; content:"de-fra.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1691, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ee-tll.doh.sb"; dns.query; content:"ee-tll.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1692, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-hkg.doh.sb"; dns.query; content:"hk-hkg.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1693, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for in-blr.doh.sb"; dns.query; content:"in-blr.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1694, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-kix.doh.sb"; dns.query; content:"jp-kix.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1695, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-nrt.doh.sb"; dns.query; content:"jp-nrt.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1696, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr-sel.doh.sb"; dns.query; content:"kr-sel.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1697, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams.doh.sb"; dns.query; content:"nl-ams.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1698, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams2.doh.sb"; dns.query; content:"nl-ams2.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1699, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mow.doh.sb"; dns.query; content:"ru-mow.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1700, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-sin.doh.sb"; dns.query; content:"sg-sin.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1701, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk-lon.doh.sb"; dns.query; content:"uk-lon.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1702, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-doh.sb"; dns.query; content:"us-chi-doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1703, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudtrust.solutions"; dns.query; content:"dns.cloudtrust.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27990502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1704, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kawa.tf"; dns.query; content:"dns.kawa.tf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1707, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.melalandia.tk"; dns.query; content:"dns.melalandia.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1708, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do.dnscrypt.uk"; dns.query; content:"do.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1710, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic2.i2pd.xyz"; dns.query; content:"opennic2.i2pd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1716, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neatdns.ustclug.org"; dns.query; content:"neatdns.ustclug.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1725, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for berd.moe"; dns.query; content:"berd.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1731, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arashi.eu.org"; dns.query; content:"arashi.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1733, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ipv6dns.com"; dns.query; content:"dns.ipv6dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1734, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.futa.gg"; dns.query; content:"doh.futa.gg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1747, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hitian.me"; dns.query; content:"hitian.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1748, updated_at 2023_09_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lars-lehmann.net"; dns.query; content:"dns.lars-lehmann.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1750, updated_at 2023_05_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hydroxlab.ru.com"; dns.query; content:"hydroxlab.ru.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1753, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tundranet.hec.to"; dns.query; content:"tundranet.hec.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27990515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1758, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edgy-dns.com"; dns.query; content:"edgy-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1759, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.infotek.net.id"; dns.query; content:"doh.infotek.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1760, updated_at 2023_02_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.paesa.es"; dns.query; content:"dns.paesa.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27990518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1761, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.rezhajul.io"; dns.query; content:"doh.rezhajul.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1765, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sbydoh.limotelu.org"; dns.query; content:"sbydoh.limotelu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1766, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sby-doh.limotelu.org"; dns.query; content:"sby-doh.limotelu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1773, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unfiltered.adguard-dns.com"; dns.query; content:"unfiltered.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1774, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com.v.aaplimg.com"; dns.query; content:"doh.dns.apple.com.v.aaplimg.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1802, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard-dns.com"; dns.query; content:"dns.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1804, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.adguard-dns.com"; dns.query; content:"family.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1805, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.libredns.gr"; dns.query; content:"dot.libredns.gr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1807, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.freedns.controld.com"; dns.query; content:"family.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1808, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.freedns.controld.com"; dns.query; content:"uncensored.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1809, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dandelionsprout.asuscomm.com"; dns.query; content:"dandelionsprout.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1810, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for max.rethinkdns.com"; dns.query; content:"max.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1812, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnslow.me"; dns.query; content:"dnslow.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1814, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lacontrevoie.fr"; dns.query; content:"doh.lacontrevoie.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1834, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xorbiadns.com"; dns.query; content:"xorbiadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1854, updated_at 2023_08_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for catsimple.cf"; dns.query; content:"catsimple.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1985, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.7vpn.com"; dns.query; content:"dns.7vpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1986, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ipoac.nl"; dns.query; content:"dns.ipoac.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1988, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic1.eth-services.de"; dns.query; content:"opennic1.eth-services.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1990, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hinet.net"; dns.query; content:"dns.hinet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1991, updated_at 2023_09_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spacedns.org"; dns.query; content:"spacedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2010, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keweon.center"; dns.query; content:"dns.keweon.center"; nocase; fast_pattern; classtype:bad-unknown; sid:27990540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2014, updated_at 2023_10_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eddi.net"; dns.query; content:"dns.eddi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2020, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.froth.zone"; dns.query; content:"dns.froth.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2021, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a-bld.sys-adm.in"; dns.query; content:"a-bld.sys-adm.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2030, updated_at 2023_05_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.opennameserver.org"; dns.query; content:"ns1.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2032, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.opennameserver.org"; dns.query; content:"ns2.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2033, updated_at 2023_02_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.opennameserver.org"; dns.query; content:"ns3.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2034, updated_at 2023_01_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sky.rethinkdns.com"; dns.query; content:"sky.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2044, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atelier.alica.idv.tw"; dns.query; content:"atelier.alica.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2056, updated_at 2022_11_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for awan.ftp.sh"; dns.query; content:"awan.ftp.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2057, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.vvvglass.com"; dns.query; content:"a.vvvglass.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2058, updated_at 2022_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nebula.tru.io"; dns.query; content:"nebula.tru.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2059, updated_at 2023_01_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nat64.tuxis.nl"; dns.query; content:"nat64.tuxis.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2060, updated_at 2023_01_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ines.zfn.uni-bremen.de"; dns.query; content:"ines.zfn.uni-bremen.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2061, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.wewitro.net"; dns.query; content:"doh.wewitro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2062, updated_at 2023_03_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-dns1.bancuh.com"; dns.query; content:"sg-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2063, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-dns1.bancuh.com"; dns.query; content:"fr-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2064, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-dns1.bancuh.com"; dns.query; content:"jp-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2065, updated_at 2023_08_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.teradns.org"; dns.query; content:"uk.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2068, updated_at 2023_01_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.teradns.org"; dns.query; content:"de.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2069, updated_at 2023_08_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny.teradns.org"; dns.query; content:"ny.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2070, updated_at 2023_05_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tx.teradns.org"; dns.query; content:"tx.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2071, updated_at 2023_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.teradns.org"; dns.query; content:"sg.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2072, updated_at 2023_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abel.waringer-atg.de"; dns.query; content:"abel.waringer-atg.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2073, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitdefender.net"; dns.query; content:"dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2074, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chaos-system.de"; dns.query; content:"chaos-system.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2075, updated_at 2023_03_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca.doh.cloudveil.org"; dns.query; content:"ca.doh.cloudveil.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2076, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.doh.cloudveil.org"; dns.query; content:"us.doh.cloudveil.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2077, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.flodns.net"; dns.query; content:"ns1.flodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2080, updated_at 2023_07_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cluster-0.gac.edu"; dns.query; content:"cluster-0.gac.edu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2081, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cluster-1.gac.edu"; dns.query; content:"cluster-1.gac.edu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2082, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hshh.org"; dns.query; content:"ns2.hshh.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2083, updated_at 2022_11_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.i-evolve.net"; dns.query; content:"ns1.i-evolve.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2084, updated_at 2022_11_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qlf-doh.inria.fr"; dns.query; content:"qlf-doh.inria.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2085, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.novg.net"; dns.query; content:"dns.novg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2086, updated_at 2023_05_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pope.cnblw.me"; dns.query; content:"pope.cnblw.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2087, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muli.stusta.mhn.de"; dns.query; content:"muli.stusta.mhn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2088, updated_at 2023_10_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tls-data.de"; dns.query; content:"dns.tls-data.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2090, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iris.woozeno.eu"; dns.query; content:"iris.woozeno.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2091, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wyx.cloud"; dns.query; content:"wyx.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2092, updated_at 2023_02_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zougloub.eu"; dns.query; content:"zougloub.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2093, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-dns2.bancuh.com"; dns.query; content:"fr-dns2.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2096, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-dns2.bancuh.com"; dns.query; content:"sg-dns2.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2099, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure-dns.dns-ga.de"; dns.query; content:"secure-dns.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2102, updated_at 2023_01_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.azsopro.net"; dns.query; content:"dns.azsopro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2115, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst3.absolight.net"; dns.query; content:"res-acst3.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2132, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dotdns.cryptroute.com"; dns.query; content:"dotdns.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2133, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dyn1.de"; dns.query; content:"dns.dyn1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2134, updated_at 2023_03_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fuchur.pentament.de"; dns.query; content:"fuchur.pentament.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2135, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.in-berlin.de"; dns.query; content:"dns1.in-berlin.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2136, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for irre.li"; dns.query; content:"irre.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2137, updated_at 2023_10_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kescher.at"; dns.query; content:"dns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2138, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lastentarvike.fi"; dns.query; content:"lastentarvike.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2139, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zrh1-ns01.monzoon.net"; dns.query; content:"zrh1-ns01.monzoon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2140, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsc.torgues.net"; dns.query; content:"nsc.torgues.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2141, updated_at 2023_02_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pates.services.sfr.fr.casepp.sfr.fr"; dns.query; content:"pates.services.sfr.fr.casepp.sfr.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2142, updated_at 2023_02_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.slinkyman.net"; dns.query; content:"dns.slinkyman.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2143, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clientdns3.softcom.net"; dns.query; content:"clientdns3.softcom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2144, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for esel.stusta.mhn.de"; dns.query; content:"esel.stusta.mhn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2145, updated_at 2023_10_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for timmes.nl"; dns.query; content:"timmes.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2146, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for galileo.math.unipd.it"; dns.query; content:"galileo.math.unipd.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2147, updated_at 2023_05_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tor.vasi.li"; dns.query; content:"tor.vasi.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2148, updated_at 2023_08_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.totoro.pub"; dns.query; content:"doh.totoro.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2150, updated_at 2023_05_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.aguaslindasweb.com.br"; dns.query; content:"ns.aguaslindasweb.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27990603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2151, updated_at 2022_12_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bofh.in"; dns.query; content:"dns.bofh.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2152, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.daw.dev"; dns.query; content:"dns.daw.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2153, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.david888.com"; dns.query; content:"dns.david888.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2154, updated_at 2023_01_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dekonix.ru"; dns.query; content:"adguard.dekonix.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2155, updated_at 2023_08_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.elemental.software"; dns.query; content:"dns.elemental.software"; nocase; fast_pattern; classtype:bad-unknown; sid:27990608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2156, updated_at 2023_07_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fancyorg.at"; dns.query; content:"dns.fancyorg.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2157, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.flm9.net"; dns.query; content:"dns01.flm9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2158, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.funtopia.tv"; dns.query; content:"doh.funtopia.tv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2159, updated_at 2023_03_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ginovs.nl"; dns.query; content:"dns.ginovs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2160, updated_at 2023_03_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for himedns.com"; dns.query; content:"himedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2161, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jackyes.ovh"; dns.query; content:"jackyes.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2162, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jfchenier.ca"; dns.query; content:"adguard.jfchenier.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2163, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.k3nny.fr"; dns.query; content:"dns.k3nny.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2164, updated_at 2023_01_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.molinero.dev"; dns.query; content:"dns.molinero.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2165, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nielsvoorn.nl"; dns.query; content:"adguard.nielsvoorn.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2166, updated_at 2023_02_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.niyawe.de"; dns.query; content:"doh.niyawe.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2167, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nullgate.net"; dns.query; content:"dns.nullgate.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2168, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.port53.dk"; dns.query; content:"doh.port53.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2169, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpsus3.pzhg.me"; dns.query; content:"vpsus3.pzhg.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2170, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surfshark.com"; dns.query; content:"dns.surfshark.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2171, updated_at 2023_07_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vinnyp.xyz"; dns.query; content:"dns.vinnyp.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2172, updated_at 2023_10_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vinokurov.tk"; dns.query; content:"dns.vinokurov.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2173, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warpnine.de"; dns.query; content:"dns.warpnine.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2174, updated_at 2023_02_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.xhr0no.my"; dns.query; content:"1.xhr0no.my"; nocase; fast_pattern; classtype:bad-unknown; sid:27990627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2175, updated_at 2023_01_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aihe.app"; dns.query; content:"aihe.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2176, updated_at 2023_05_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.almir1904.eu"; dns.query; content:"dns.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2177, updated_at 2023_06_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsec.arnor.org"; dns.query; content:"nsec.arnor.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2178, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b612.me"; dns.query; content:"dns.b612.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2179, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.infosec.xyz"; dns.query; content:"dns.infosec.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2180, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.borjalopez.eu"; dns.query; content:"adblock.borjalopez.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2181, updated_at 2023_01_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.c-dns.com"; dns.query; content:"www.c-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2182, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ccb-net.it"; dns.query; content:"doh.ccb-net.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2183, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ceai.com.tw"; dns.query; content:"dns.ceai.com.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2184, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c.cicitt.ch"; dns.query; content:"c.cicitt.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2185, updated_at 2023_03_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.clanless.ovh"; dns.query; content:"dns.clanless.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2186, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.colorfreedom.org"; dns.query; content:"dns.colorfreedom.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2187, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.conne.net"; dns.query; content:"dns1.conne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2188, updated_at 2022_12_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.00dani.me"; dns.query; content:"ns.00dani.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2189, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.data.haus"; dns.query; content:"mail.data.haus"; nocase; fast_pattern; classtype:bad-unknown; sid:27990642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2190, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nz01.dns4me.net"; dns.query; content:"nz01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2191, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au01.dns4me.net"; dns.query; content:"au01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2192, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au02.dns4me.net"; dns.query; content:"au02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2193, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg01.dns4me.net"; dns.query; content:"sg01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2194, updated_at 2023_08_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk01.dns4me.net"; dns.query; content:"uk01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2195, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us01.dns4me.net"; dns.query; content:"us01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2196, updated_at 2023_06_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us02.dns4me.net"; dns.query; content:"us02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2197, updated_at 2023_06_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sa01.dns4me.net"; dns.query; content:"sa01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2198, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dukun.de"; dns.query; content:"dukun.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2199, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.emiliyan.com"; dns.query; content:"dns.emiliyan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2200, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zzuhacker.cn"; dns.query; content:"dns.zzuhacker.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2201, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.funil.de"; dns.query; content:"doh.funil.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2202, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.grqu.de"; dns.query; content:"dns.grqu.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2203, updated_at 2023_02_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hanmey.de"; dns.query; content:"dns.hanmey.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2204, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole2.hoerli.net"; dns.query; content:"pihole2.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2205, updated_at 2023_06_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hshh.org"; dns.query; content:"hshh.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2206, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doth.huque.com"; dns.query; content:"doth.huque.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2207, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ihaveacloud.com"; dns.query; content:"dns.ihaveacloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2208, updated_at 2023_02_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for buc-m2.illmods.com"; dns.query; content:"buc-m2.illmods.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2209, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.indust.me"; dns.query; content:"dns.indust.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2210, updated_at 2023_09_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.jeroenhd.nl"; dns.query; content:"doh.jeroenhd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2211, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hahnjo.de"; dns.query; content:"dns.hahnjo.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2212, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kamilszczepanski.com"; dns.query; content:"dns.kamilszczepanski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2213, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kernel-error.de"; dns.query; content:"dns.kernel-error.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2214, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kosan.moe"; dns.query; content:"dns.kosan.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2215, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xray.krnl.eu"; dns.query; content:"xray.krnl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2216, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kswro.web.id"; dns.query; content:"kswro.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2217, updated_at 2023_04_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lightmaster.pw"; dns.query; content:"dns.lightmaster.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2218, updated_at 2023_01_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br.servers.legat.ml"; dns.query; content:"br.servers.legat.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2219, updated_at 2023_03_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maybe.icu"; dns.query; content:"dns.maybe.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2220, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testaghome.meshkov.info"; dns.query; content:"testaghome.meshkov.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2221, updated_at 2023_10_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.truong.fi"; dns.query; content:"dns.truong.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2222, updated_at 2023_08_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnstls.mobik.com"; dns.query; content:"dnstls.mobik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2223, updated_at 2023_11_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.murgi.de"; dns.query; content:"dns.murgi.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2224, updated_at 2023_10_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.myon.lu"; dns.query; content:"blackhole.myon.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2225, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ender.fr"; dns.query; content:"adguard.ender.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2226, updated_at 2023_04_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.luigi.nexific.it"; dns.query; content:"doh.luigi.nexific.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2227, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi1.node15.com"; dns.query; content:"pi1.node15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2228, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.npe.bz"; dns.query; content:"dns.npe.bz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2229, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.onlyfriends.info"; dns.query; content:"adguard.onlyfriends.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2230, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp2.ooroot.com"; dns.query; content:"jp2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2231, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg2.ooroot.com"; dns.query; content:"sg2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2232, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk2.ooroot.com"; dns.query; content:"hk2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2233, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tw2.ooroot.com"; dns.query; content:"tw2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2234, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr2.ooroot.com"; dns.query; content:"kr2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2235, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for at.pzhg.me"; dns.query; content:"at.pzhg.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2236, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rafn.is"; dns.query; content:"dns.rafn.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27990689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2237, updated_at 2023_04_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rayneau.fr"; dns.query; content:"rayneau.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2238, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.reckoningslug.name"; dns.query; content:"dns.reckoningslug.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27990691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2239, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ricko.is"; dns.query; content:"ricko.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27990692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2240, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rin.sh"; dns.query; content:"dns.rin.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2241, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sellan.fr"; dns.query; content:"dns.sellan.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2242, updated_at 2023_10_16;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do.shimul.me"; dns.query; content:"do.shimul.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2243, updated_at 2023_09_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.silen.org"; dns.query; content:"dns.silen.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2244, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.startupstack.tech"; dns.query; content:"dns.startupstack.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2245, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.syaifullah.com"; dns.query; content:"dns.syaifullah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2246, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tesem.dog"; dns.query; content:"dns.tesem.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27990699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2247, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.tezoi.com"; dns.query; content:"cloud.tezoi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2248, updated_at 2023_07_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ueni.dyndns.org"; dns.query; content:"ueni.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2249, updated_at 2023_06_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for your-dns.run"; dns.query; content:"your-dns.run"; nocase; fast_pattern; classtype:bad-unknown; sid:27990702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2250, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ypbind.de"; dns.query; content:"dns.ypbind.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2251, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zfsystem.tech"; dns.query; content:"dns.zfsystem.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2252, updated_at 2023_05_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst1.absolight.net"; dns.query; content:"res-acst1.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2351, updated_at 2023_08_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst2.absolight.net"; dns.query; content:"res-acst2.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2352, updated_at 2023_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.absolight.net"; dns.query; content:"resolver1.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2353, updated_at 2023_08_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.absolight.net"; dns.query; content:"resolver2.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2354, updated_at 2023_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver3.absolight.net"; dns.query; content:"resolver3.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2355, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole1.hoerli.net"; dns.query; content:"pihole1.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2356, updated_at 2023_08_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole3.hoerli.net"; dns.query; content:"pihole3.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2357, updated_at 2023_04_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole4.hoerli.net"; dns.query; content:"pihole4.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2358, updated_at 2023_07_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns4.opennameserver.org"; dns.query; content:"ns4.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2359, updated_at 2023_02_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.futuredns.me"; dns.query; content:"dns.futuredns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2376, updated_at 2023_08_31;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bayas.dev"; dns.query; content:"dns.bayas.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2430, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hafidzradhival.my.id"; dns.query; content:"dns.hafidzradhival.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2431, updated_at 2023_09_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.qquack.org"; dns.query; content:"ns1.qquack.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2432, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-ny-alula.heliumcloud.cc"; dns.query; content:"us-ny-alula.heliumcloud.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2434, updated_at 2023_09_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cybershell.xyz"; dns.query; content:"dns.cybershell.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2471, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lsho.top"; dns.query; content:"dns.lsho.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2472, updated_at 2023_08_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.unstoppable.io"; dns.query; content:"resolver.unstoppable.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2473, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.velyn.my.id"; dns.query; content:"doh.velyn.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2474, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.flodns.net"; dns.query; content:"ns2.flodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2480, updated_at 2023_07_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hotta.page"; dns.query; content:"dns.hotta.page"; nocase; fast_pattern; classtype:bad-unknown; sid:27990724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2481, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for free.shecan.ir"; dns.query; content:"free.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2482, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stevenz.net"; dns.query; content:"dns.stevenz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2483, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chromeina.top"; dns.query; content:"dns.chromeina.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2484, updated_at 2023_07_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpdns.cola16.app"; dns.query; content:"jpdns.cola16.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2485, updated_at 2023_06_03;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datacore.ch"; dns.query; content:"doh.datacore.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2486, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-primary-pool.detoxifypornblocker.com"; dns.query; content:"doh-primary-pool.detoxifypornblocker.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2487, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca01.dns4me.net"; dns.query; content:"ca01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2488, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca02.dns4me.net"; dns.query; content:"ca02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2489, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.frank-ruan.com"; dns.query; content:"dns.frank-ruan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2490, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-primary-pool.goodbyegambling.com"; dns.query; content:"doh-primary-pool.goodbyegambling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2491, updated_at 2023_02_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.haneulo.com"; dns.query; content:"adguard.haneulo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2492, updated_at 2023_09_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.hottis.de"; dns.query; content:"doh.hottis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2493, updated_at 2023_02_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.buzz"; dns.query; content:"doh.buzz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2494, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.beauty"; dns.query; content:"doh.beauty"; nocase; fast_pattern; classtype:bad-unknown; sid:27990738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2495, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.killtw.im"; dns.query; content:"doh.killtw.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2496, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.meeo.win"; dns.query; content:"dns.meeo.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2497, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nala.ru"; dns.query; content:"doh.nala.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2498, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nhtsky.com"; dns.query; content:"dns.nhtsky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2499, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr1.ooroot.com"; dns.query; content:"kr1.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2500, updated_at 2023_04_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.gcp.pathofgrace.com"; dns.query; content:"doh.gcp.pathofgrace.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2501, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pyry.me"; dns.query; content:"doh.pyry.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2502, updated_at 2023_04_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shecan.ir"; dns.query; content:"dns.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2503, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pro.shecan.ir"; dns.query; content:"pro.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2504, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.zachitect.com"; dns.query; content:"adguard.zachitect.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2505, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aa4.co.uk"; dns.query; content:"adguard.aa4.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2532, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cloudmini.net"; dns.query; content:"adguard.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2533, updated_at 2023_02_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.justinnetworkingsolutions.com"; dns.query; content:"dns.justinnetworkingsolutions.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2534, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.theres.one"; dns.query; content:"dns.theres.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2535, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.turker.info"; dns.query; content:"adguard-dns.turker.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2536, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-ironhide.ultima-thule.ru"; dns.query; content:"adguard-ironhide.ultima-thule.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2537, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wirimij.nl"; dns.query; content:"adguard.wirimij.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2538, updated_at 2023_02_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-kartoffel.zernico.de"; dns.query; content:"adguard-kartoffel.zernico.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2539, updated_at 2023_01_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-server.cf"; dns.query; content:"adguard-server.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2540, updated_at 2023_02_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ye.167g.com"; dns.query; content:"ye.167g.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2542, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oraclejp2.chungyu.com"; dns.query; content:"oraclejp2.chungyu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2543, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.dlinkddns.com"; dns.query; content:"home.dlinkddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2544, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tecmood.com"; dns.query; content:"dns.tecmood.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2546, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.xiaoniaoyou.com"; dns.query; content:"adguard.xiaoniaoyou.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2547, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.do"; dns.query; content:"mydns.do"; nocase; fast_pattern; classtype:bad-unknown; sid:27990763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2549, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.mydns.do"; dns.query; content:"www.mydns.do"; nocase; fast_pattern; classtype:bad-unknown; sid:27990764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2550, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for diplo.es"; dns.query; content:"diplo.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27990765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2551, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns02.almir1904.eu"; dns.query; content:"dns02.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2552, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1a.ns.ozer.im"; dns.query; content:"1a.ns.ozer.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2553, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ihatemy.live"; dns.query; content:"adguard.ihatemy.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27990768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2555, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hjk.me"; dns.query; content:"ns2.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2556, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.josephyap.me"; dns.query; content:"adguard.josephyap.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2557, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.myddns.me"; dns.query; content:"adguard.myddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2558, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.radityaharya.me"; dns.query; content:"dns.radityaharya.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2559, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.timboeh.me"; dns.query; content:"dns.timboeh.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2560, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.besoon.ml"; dns.query; content:"dns.besoon.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2561, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kent6.ajaest.net"; dns.query; content:"adguard.kent6.ajaest.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2562, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neilawsag.ddns.net"; dns.query; content:"neilawsag.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2564, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lege.despagne.net"; dns.query; content:"adguard.lege.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2565, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ie-dub-w-1.nashkan.net"; dns.query; content:"ie-dub-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2566, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edgar.tobkar.net"; dns.query; content:"edgar.tobkar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2567, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad1guard.duckdns.org"; dns.query; content:"ad1guard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2570, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drovosekov.duckdns.org"; dns.query; content:"drovosekov.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2571, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home27.duckdns.org"; dns.query; content:"home27.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2572, updated_at 2023_11_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikeliu.org"; dns.query; content:"dns.mikeliu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2573, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odcold.ru"; dns.query; content:"odcold.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2574, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for timeadc.ru"; dns.query; content:"timeadc.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2575, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cytrynowepole.tk"; dns.query; content:"cytrynowepole.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2577, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.djay.tk"; dns.query; content:"adguard.djay.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2578, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kendentil.org.uk"; dns.query; content:"kendentil.org.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2580, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.razor1911.xyz"; dns.query; content:"dns.razor1911.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2581, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.atakorah.com"; dns.query; content:"adguardhome.atakorah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2582, updated_at 2023_01_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdoh.art"; dns.query; content:"dnsdoh.art"; nocase; fast_pattern; classtype:bad-unknown; sid:27990791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2583, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 71c4dec2.d.adguard-dns.com"; dns.query; content:"71c4dec2.d.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2584, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns4all.eu"; dns.query; content:"doh.dns4all.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2586, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oceanprint.com.br"; dns.query; content:"dns.oceanprint.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27990794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2587, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgh.skyview.click"; dns.query; content:"adgh.skyview.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27990795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2588, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dawnings.cn"; dns.query; content:"www.dawnings.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2589, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.apollohct.com"; dns.query; content:"ag.apollohct.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2590, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgs02.just-a-web.com"; dns.query; content:"sgs02.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2591, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surobe.com"; dns.query; content:"dns.surobe.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2592, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.avc.cx"; dns.query; content:"vps.avc.cx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2593, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jabber-server.de"; dns.query; content:"jabber-server.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2594, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolv.srv-pro.de"; dns.query; content:"resolv.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2595, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nick85.eu"; dns.query; content:"dns1.nick85.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2596, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-sv-my01.aucnier.my.id"; dns.query; content:"dns-sv-my01.aucnier.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2597, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id-one.aucnier.my.id"; dns.query; content:"id-one.aucnier.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2598, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vdl.io"; dns.query; content:"dns.vdl.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2599, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bluemood.me"; dns.query; content:"bluemood.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2600, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c6.ownvps.ml"; dns.query; content:"c6.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2601, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.3dcapitaltrust.net"; dns.query; content:"dns.3dcapitaltrust.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2602, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-2.nashkan.net"; dns.query; content:"us-chi-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2603, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for visitoid.online"; dns.query; content:"visitoid.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2604, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ghost.pm"; dns.query; content:"dns.ghost.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27990812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2605, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nn7.pw"; dns.query; content:"adguard.nn7.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2606, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.proshvip.space"; dns.query; content:"de.proshvip.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27990814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2607, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ray1.wewa.work"; dns.query; content:"ray1.wewa.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27990815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2608, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for az2q.xyz"; dns.query; content:"az2q.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2609, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.az2q.xyz"; dns.query; content:"www.az2q.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2610, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.ff0x.ca"; dns.query; content:"ag.ff0x.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2611, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blockads.cf"; dns.query; content:"blockads.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2612, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ux.go20.cf"; dns.query; content:"ux.go20.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2613, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skww726.cf"; dns.query; content:"skww726.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2614, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.cloud"; dns.query; content:"noads.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2615, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xinwujiang.cn"; dns.query; content:"dns.xinwujiang.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2616, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adrianlam.com"; dns.query; content:"dns.adrianlam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2617, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudseriousshit.com"; dns.query; content:"cloudseriousshit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2618, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.eajtech.com"; dns.query; content:"dns01.eajtech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2619, updated_at 2022_12_31;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for garage.jjlizz.com"; dns.query; content:"garage.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2620, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for karimdns.com"; dns.query; content:"karimdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2621, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for powercloud.myasustor.com"; dns.query; content:"powercloud.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2622, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.qenisis.com"; dns.query; content:"adguard.qenisis.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2623, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-east.tylerwahl.com"; dns.query; content:"dns-east.tylerwahl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2624, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for typaza.com"; dns.query; content:"typaza.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2625, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ondrejsramek.cz"; dns.query; content:"adguard.ondrejsramek.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2626, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.qooqle.date"; dns.query; content:"dot.qooqle.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27990834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2627, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chriskutschker.de"; dns.query; content:"chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2628, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.chriskutschker.de"; dns.query; content:"adguard.chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2629, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.adguard.chriskutschker.de"; dns.query; content:"www.adguard.chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2630, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nxtcld.chriskutschker.de"; dns.query; content:"nxtcld.chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2631, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.chriskutschker.de"; dns.query; content:"www.chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2632, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-enzel.de"; dns.query; content:"dns-enzel.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2633, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for project-evoex.de"; dns.query; content:"project-evoex.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2634, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.psociety.de"; dns.query; content:"dns.psociety.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2635, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.siry.de"; dns.query; content:"dns.siry.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2636, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.avdkishore.dev"; dns.query; content:"adguard.avdkishore.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2637, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.azcom.dev"; dns.query; content:"dns.azcom.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2638, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kr.chavy.dev"; dns.query; content:"dns.kr.chavy.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2639, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kashall.dev"; dns.query; content:"dns.kashall.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2640, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for genscorp.es"; dns.query; content:"genscorp.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27990848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2641, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 51-159-64-28.rev.poneytelecom.eu"; dns.query; content:"51-159-64-28.rev.poneytelecom.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2642, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.serverhostig.eu"; dns.query; content:"adguard.serverhostig.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2643, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.harvester.fr"; dns.query; content:"dns.harvester.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2644, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pouifamily.fr"; dns.query; content:"adguard.pouifamily.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2645, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qkc.fr"; dns.query; content:"dns.qkc.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2646, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardh.ga"; dns.query; content:"adguardh.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27990854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2647, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for newconnect.ga"; dns.query; content:"newconnect.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27990855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2648, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.unima.ac.id"; dns.query; content:"adguard2.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2649, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for open-resolver1.unima.ac.id"; dns.query; content:"open-resolver1.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2650, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.spil.co.id"; dns.query; content:"dns.spil.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2651, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oii.im"; dns.query; content:"dns.oii.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2652, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.harrache.info"; dns.query; content:"dns.harrache.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2653, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unx.io"; dns.query; content:"dns.unx.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2654, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jungle-im.ir"; dns.query; content:"dns.jungle-im.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2655, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.afna.link"; dns.query; content:"doh.afna.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27990863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2656, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yair.link"; dns.query; content:"yair.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27990864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2657, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shimul.me"; dns.query; content:"dns.shimul.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2658, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arches-srv1.8ws.net"; dns.query; content:"arches-srv1.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2659, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arches-srv2.8ws.net"; dns.query; content:"arches-srv2.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2660, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outie.8ws.net"; dns.query; content:"outie.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2661, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outiejr.8ws.net"; dns.query; content:"outiejr.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2662, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ambiya.net"; dns.query; content:"adguard.ambiya.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2663, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-tls.chamberirc.net"; dns.query; content:"dns-tls.chamberirc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2664, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudlnk.net"; dns.query; content:"dns.cloudlnk.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2665, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leochen-dns.ddns.net"; dns.query; content:"leochen-dns.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2666, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sradminfk.ddns.net"; dns.query; content:"sradminfk.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2667, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps1.jnraptor.net"; dns.query; content:"vps1.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2668, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads-eu.landgame.net"; dns.query; content:"ads-eu.landgame.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2669, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id-pon-w-1.nashkan.net"; dns.query; content:"id-pon-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2670, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ps-tel-w-2.nashkan.net"; dns.query; content:"ps-tel-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2671, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tr-izm-w-1.nashkan.net"; dns.query; content:"tr-izm-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2672, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-den-w-1.nashkan.net"; dns.query; content:"us-den-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2673, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serbri.net"; dns.query; content:"serbri.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2674, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.herkhof.nl"; dns.query; content:"dns.herkhof.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2675, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.forst.one"; dns.query; content:"adguard.forst.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2676, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hakim.one"; dns.query; content:"dns.hakim.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2677, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.hakim.one"; dns.query; content:"dns2.hakim.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2678, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mitron.one"; dns.query; content:"mitron.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2679, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.mitron.one"; dns.query; content:"www.mitron.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2680, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscity.org"; dns.query; content:"dnscity.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2681, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o--o.duckdns.org"; dns.query; content:"o--o.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2682, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tungdnsne.duckdns.org"; dns.query; content:"tungdnsne.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2683, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tylda.duckdns.org"; dns.query; content:"tylda.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2684, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for davidzeh.eu.org"; dns.query; content:"davidzeh.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2685, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.sunday.eu.org"; dns.query; content:"a.sunday.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2686, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for itlikehell.ru"; dns.query; content:"itlikehell.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2687, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.oms-ctr.ru"; dns.query; content:"adguard.oms-ctr.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2688, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for visitoid.ru"; dns.query; content:"visitoid.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2689, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn-for-test.ru"; dns.query; content:"vpn-for-test.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2690, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.youroute.ru"; dns.query; content:"adguard.youroute.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2691, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for debbix.site"; dns.query; content:"debbix.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27990899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2692, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vegann.space"; dns.query; content:"adguard.vegann.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27990900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2693, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muc-ns02.ibytex.systems"; dns.query; content:"muc-ns02.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27990901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2694, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.muc-ns02.ibytex.systems"; dns.query; content:"www.muc-ns02.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27990902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2695, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for duyyen.tk"; dns.query; content:"duyyen.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2696, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.tk"; dns.query; content:"ychen.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2697, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frontpace.co.uk"; dns.query; content:"frontpace.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2698, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.n3120.wang"; dns.query; content:"dns1.n3120.wang"; nocase; fast_pattern; classtype:bad-unknown; sid:27990906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2699, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sscw.win"; dns.query; content:"adguard.sscw.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2700, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for protectify.work"; dns.query; content:"protectify.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27990908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2701, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.68360612.xyz"; dns.query; content:"jp.68360612.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2702, updated_at 2023_07_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cays.eyecay.xyz"; dns.query; content:"cays.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2703, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itcz.xyz"; dns.query; content:"dns.itcz.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2704, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tlz.asia"; dns.query; content:"dns.tlz.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27990912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2706, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nxa.21.ax"; dns.query; content:"nxa.21.ax"; nocase; fast_pattern; classtype:bad-unknown; sid:27990913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2707, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for firewall.darknet.bg"; dns.query; content:"firewall.darknet.bg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2708, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aminetwork.biz"; dns.query; content:"adguard.aminetwork.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2709, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neta.a-desg.cc"; dns.query; content:"neta.a-desg.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2710, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dessoi.cloud"; dns.query; content:"adguard.dessoi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2711, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lsxnb.cn"; dns.query; content:"dns.lsxnb.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2712, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.5ososea.com"; dns.query; content:"kids.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2713, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sradg.eastus.cloudapp.azure.com"; dns.query; content:"sradg.eastus.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2714, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.carson-family.com"; dns.query; content:"dns.carson-family.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2715, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.esegece.com"; dns.query; content:"dns.esegece.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2716, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-family.esegece.com"; dns.query; content:"dns-family.esegece.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2717, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for astana.geekgalaxy.com"; dns.query; content:"astana.geekgalaxy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2718, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.grussenmeyer.com"; dns.query; content:"vps.grussenmeyer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2719, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.k0rap.com"; dns.query; content:"adguard.k0rap.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2720, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.koodeau.com"; dns.query; content:"dns.koodeau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2721, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp3.meidouling.com"; dns.query; content:"jp3.meidouling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2722, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.simulhost.com"; dns.query; content:"dns.simulhost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2723, updated_at 2023_05_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.simulhost.com"; dns.query; content:"www.dns.simulhost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2724, updated_at 2023_05_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.surfbelow.com"; dns.query; content:"www.surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2725, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trapdns.com"; dns.query; content:"trapdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2726, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xryen.com"; dns.query; content:"dns.xryen.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2727, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.hm3.day"; dns.query; content:"jp.hm3.day"; nocase; fast_pattern; classtype:bad-unknown; sid:27990934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2728, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.1xyz.de"; dns.query; content:"dns.1xyz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2729, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for florian-reichelt.de"; dns.query; content:"florian-reichelt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2730, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mcasviper.de"; dns.query; content:"doh.mcasviper.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2731, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lunet.design"; dns.query; content:"dns.lunet.design"; nocase; fast_pattern; classtype:bad-unknown; sid:27990938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2732, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-fw2.sa-sa.eu"; dns.query; content:"dns-fw2.sa-sa.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2733, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skrep.eu"; dns.query; content:"dns.skrep.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2734, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.xn--wosk-tya9k.eu"; dns.query; content:"dot.xn--wosk-tya9k.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2735, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.connect.fail"; dns.query; content:"dns.connect.fail"; nocase; fast_pattern; classtype:bad-unknown; sid:27990942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2736, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zarchbox.fr"; dns.query; content:"dns.zarchbox.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2737, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dupatruwi22.fun"; dns.query; content:"dupatruwi22.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2738, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dupatruwi22.fun"; dns.query; content:"www.dupatruwi22.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2739, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.kirmanak.gq"; dns.query; content:"adguardhome.kirmanak.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27990946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2740, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gnb09.id"; dns.query; content:"dns.gnb09.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2741, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d365.in"; dns.query; content:"dns.d365.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2742, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.nods.in"; dns.query; content:"adg.nods.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2743, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amz.long-nguyen.info"; dns.query; content:"amz.long-nguyen.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2744, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.wagno.info"; dns.query; content:"ns1.wagno.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2745, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eliatofani.it"; dns.query; content:"dns.eliatofani.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2746, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spiderman.cust.nexific.it"; dns.query; content:"spiderman.cust.nexific.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2747, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1-secure.wifire.it"; dns.query; content:"dns1-secure.wifire.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2748, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.e2ee.li"; dns.query; content:"dns1.e2ee.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2749, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chriscsc.me"; dns.query; content:"dns.chriscsc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2750, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-home.myddns.me"; dns.query; content:"adguard-home.myddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2751, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kufei.ml"; dns.query; content:"kufei.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2752, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lfac.ml"; dns.query; content:"dns.lfac.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2753, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surt.ml"; dns.query; content:"surt.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2754, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.blissdns.net"; dns.query; content:"us1.blissdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2755, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wanam.ddns.net"; dns.query; content:"wanam.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2756, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for faradns.net"; dns.query; content:"faradns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2757, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-1.nashkan.net"; dns.query; content:"de-fsn-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2758, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-9.nashkan.net"; dns.query; content:"de-fsn-w-9.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2759, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ua-kyv-w-1.nashkan.net"; dns.query; content:"ua-kyv-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2760, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for creal.sytes.net"; dns.query; content:"creal.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2761, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myagh.viewdns.net"; dns.query; content:"myagh.viewdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2762, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b33.network"; dns.query; content:"dns.b33.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2763, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dutchwhite.nl"; dns.query; content:"dns.dutchwhite.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2764, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pragmasec.nl"; dns.query; content:"dns.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2765, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pragmasec.nl"; dns.query; content:"doh.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2766, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pragmasec.nl"; dns.query; content:"dot.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2767, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for imap.pragmasec.nl"; dns.query; content:"imap.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2768, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.pragmasec.nl"; dns.query; content:"mail.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2769, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.pragmasec.nl"; dns.query; content:"server.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2770, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for smtp.pragmasec.nl"; dns.query; content:"smtp.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2771, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webmail.pragmasec.nl"; dns.query; content:"webmail.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2772, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webmeel.pragmasec.nl"; dns.query; content:"webmeel.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2773, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rowdyengeesje.nl"; dns.query; content:"adguard.rowdyengeesje.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2774, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nafni.one"; dns.query; content:"nafni.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2775, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for the.nafni.one"; dns.query; content:"the.nafni.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2776, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.apigw.online"; dns.query; content:"dns.apigw.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2777, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dieucq.online"; dns.query; content:"dieucq.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2778, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goitoi.duckdns.org"; dns.query; content:"goitoi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2779, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kiwifunke.duckdns.org"; dns.query; content:"kiwifunke.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2780, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olivier-adguard.duckdns.org"; dns.query; content:"olivier-adguard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2781, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x-o-x.duckdns.org"; dns.query; content:"x-o-x.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2782, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg2.tt502.eu.org"; dns.query; content:"sg2.tt502.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2783, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leo.z0p.org"; dns.query; content:"leo.z0p.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2784, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for levislondon-proxy.nerdpol.ovh"; dns.query; content:"levislondon-proxy.nerdpol.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2785, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.x11.pw"; dns.query; content:"dns.x11.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2786, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dergun.quest"; dns.query; content:"dergun.quest"; nocase; fast_pattern; classtype:bad-unknown; sid:27990993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2787, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eweyo.ru"; dns.query; content:"eweyo.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2788, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.eweyo.ru"; dns.query; content:"www.eweyo.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2789, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ga3inur.ru"; dns.query; content:"ga3inur.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2790, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ga3inur.ru"; dns.query; content:"www.ga3inur.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2791, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.geshido.ru"; dns.query; content:"vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2792, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for geshido.vpn.geshido.ru"; dns.query; content:"geshido.vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2793, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roma.vpn.geshido.ru"; dns.query; content:"roma.vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2794, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wir.rbs-net.ru"; dns.query; content:"wir.rbs-net.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2795, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ssdns.ru"; dns.query; content:"ssdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2796, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nnet.services"; dns.query; content:"dns.nnet.services"; nocase; fast_pattern; classtype:bad-unknown; sid:27991003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2797, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn-tw.teng.sh"; dns.query; content:"vpn-tw.teng.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2798, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.1833015459.site"; dns.query; content:"dns.1833015459.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2799, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cynntex.site"; dns.query; content:"cynntex.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2800, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b33.space"; dns.query; content:"dns.b33.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2801, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b5lwtlgyqyly1typvyshftccwxuhk3zq.space"; dns.query; content:"b5lwtlgyqyly1typvyshftccwxuhk3zq.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2802, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns.jpr.space"; dns.query; content:"addns.jpr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2803, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns01.lflemming.space"; dns.query; content:"ns01.lflemming.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2804, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lightmaster.space"; dns.query; content:"dns.lightmaster.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2805, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for valis.sx"; dns.query; content:"valis.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2806, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brian-hong.tech"; dns.query; content:"dns.brian-hong.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2807, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.asf1992labs.tk"; dns.query; content:"dns.asf1992labs.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2808, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.f7b6h9.tk"; dns.query; content:"home.f7b6h9.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2809, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lf-ns-001.my.to"; dns.query; content:"lf-ns-001.my.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27991016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2810, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hjh2007.top"; dns.query; content:"dns.hjh2007.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2811, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myweiqi.top"; dns.query; content:"myweiqi.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2812, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yyaan.top"; dns.query; content:"yyaan.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2813, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qaz.tw"; dns.query; content:"qaz.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2814, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zetland.rm-ni.uk"; dns.query; content:"zetland.rm-ni.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2815, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xn--80aecoigf4aatn.xn--p1ai"; dns.query; content:"xn--80aecoigf4aatn.xn--p1ai"; nocase; fast_pattern; classtype:bad-unknown; sid:27991022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2816, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t3c.240130034.xyz"; dns.query; content:"t3c.240130034.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2817, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tj.jamesxue.xyz"; dns.query; content:"tj.jamesxue.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2818, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aws.razor1911.xyz"; dns.query; content:"aws.razor1911.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2819, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for telex.app"; dns.query; content:"telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2820, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mulu.at"; dns.query; content:"adguard.mulu.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2821, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.mulu.at"; dns.query; content:"pihole.mulu.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2822, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chuppa.com.au"; dns.query; content:"dns.chuppa.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2823, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm.mytm.cc"; dns.query; content:"vm.mytm.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2824, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.sas-wres.cc"; dns.query; content:"dns3.sas-wres.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2825, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns168.zhhz.cc"; dns.query; content:"dns168.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2826, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bluemeda.cf"; dns.query; content:"dns.bluemeda.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2827, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.muxinghe.cn"; dns.query; content:"dns.muxinghe.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2828, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tipsy.coffee"; dns.query; content:"dns.tipsy.coffee"; nocase; fast_pattern; classtype:bad-unknown; sid:27991035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2829, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.5ososea.com"; dns.query; content:"dns.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2830, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cedricreitz.com"; dns.query; content:"cedricreitz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2831, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for colesdns.com"; dns.query; content:"colesdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2832, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.davidruhmann.com"; dns.query; content:"dns.davidruhmann.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2833, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dlcea.com"; dns.query; content:"dlcea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2834, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usdedi.ecapsul.com"; dns.query; content:"usdedi.ecapsul.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2835, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for promsdns.com"; dns.query; content:"promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2836, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for autodiscover.promsdns.com"; dns.query; content:"autodiscover.promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2837, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.promsdns.com"; dns.query; content:"mail.promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2838, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for owa.promsdns.com"; dns.query; content:"owa.promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2839, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.promsdns.com"; dns.query; content:"www.promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2840, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r1bnc.com"; dns.query; content:"r1bnc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2841, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve.srv-pro.de"; dns.query; content:"resolve.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2842, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.malwarelul.download"; dns.query; content:"dns.malwarelul.download"; nocase; fast_pattern; classtype:bad-unknown; sid:27991049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2843, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns03.almir1904.eu"; dns.query; content:"dns03.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2844, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh3.almir1904.eu"; dns.query; content:"doh3.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2845, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unasw.eu"; dns.query; content:"unasw.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2846, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.unasw.eu"; dns.query; content:"www.unasw.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2847, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.req1.fr"; dns.query; content:"dns.req1.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2848, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.kapuyhome.hu"; dns.query; content:"adguard1.kapuyhome.hu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2849, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anggityuls.my.id"; dns.query; content:"anggityuls.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2850, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.junacell.my.id"; dns.query; content:"adblock.junacell.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2851, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.x88.in"; dns.query; content:"ads.x88.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2852, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kcolspacrm.ir"; dns.query; content:"kcolspacrm.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2853, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.geili.me"; dns.query; content:"adg.geili.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2854, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myadguardhome.me"; dns.query; content:"myadguardhome.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2855, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.myadguardhome.me"; dns.query; content:"www.myadguardhome.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2856, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bcandrade.ml"; dns.query; content:"bcandrade.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2857, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stvsk.ml"; dns.query; content:"dns.stvsk.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2858, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kinnee.net"; dns.query; content:"adguard.kinnee.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2859, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for it-pal-w-1.nashkan.net"; dns.query; content:"it-pal-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2860, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for se-sto-w-1.nashkan.net"; dns.query; content:"se-sto-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2861, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-den-w-2.nashkan.net"; dns.query; content:"us-den-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2862, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tkhome.nl"; dns.query; content:"dns.tkhome.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2863, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.inf.nu"; dns.query; content:"dns.inf.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2864, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.niub.one"; dns.query; content:"dns1.niub.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2865, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdzopi.duckdns.org"; dns.query; content:"cdzopi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2866, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.adblocker.eu.org"; dns.query; content:"dns2.adblocker.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2867, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r1bnc.eu.org"; dns.query; content:"r1bnc.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2868, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au.teradns.org"; dns.query; content:"au.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2869, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pw1602.pl"; dns.query; content:"adguard.pw1602.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2870, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nilanjan.rocks"; dns.query; content:"nilanjan.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27991077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2871, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.nilanjan.rocks"; dns.query; content:"www.nilanjan.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27991078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2872, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nas-server.ru"; dns.query; content:"dns.nas-server.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2873, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yario.ru"; dns.query; content:"yario.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2874, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.yario.ru"; dns.query; content:"www.yario.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2875, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for banhbaothiu.site"; dns.query; content:"banhbaothiu.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2876, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rameshsoma.tech"; dns.query; content:"adguard.rameshsoma.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2877, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bigart-dns.tk"; dns.query; content:"bigart-dns.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2878, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard-linodefree.tk"; dns.query; content:"guard-linodefree.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2879, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t2c.240130034.xyz"; dns.query; content:"t2c.240130034.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2880, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.295652400.xyz"; dns.query; content:"www.295652400.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2881, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.886886886.xyz"; dns.query; content:"dns.886886886.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2882, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.luoxi.xyz"; dns.query; content:"doh.luoxi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2883, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.mezha.xyz"; dns.query; content:"vpn.mezha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2884, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vpn.mezha.xyz"; dns.query; content:"www.vpn.mezha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2885, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jjm.asia"; dns.query; content:"jjm.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2886, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jimirobaer.be"; dns.query; content:"dns.jimirobaer.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2887, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.sas-wres.cc"; dns.query; content:"dns2.sas-wres.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2888, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wccw.cc"; dns.query; content:"wccw.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2889, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tokyo.cricoin.cf"; dns.query; content:"tokyo.cricoin.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2890, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.felipe.cloud"; dns.query; content:"dns.felipe.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2891, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.yatesfamily.cloud"; dns.query; content:"secure.yatesfamily.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2892, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.andreykiv.com"; dns.query; content:"dns.andreykiv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2893, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.catrone3.com"; dns.query; content:"adguard.catrone3.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2894, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dionperera.com"; dns.query; content:"dns.dionperera.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2895, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gclouddns.com"; dns.query; content:"gclouddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2896, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.laurenlaufman.com"; dns.query; content:"adguard.laurenlaufman.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2897, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maku-tech.com"; dns.query; content:"maku-tech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2898, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.meidouling.com"; dns.query; content:"hk.meidouling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2899, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nzcow.com"; dns.query; content:"dns.nzcow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2900, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thanos.pleumkungz.com"; dns.query; content:"thanos.pleumkungz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2901, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for torettohome.com"; dns.query; content:"torettohome.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2902, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wantaquddin.com"; dns.query; content:"wantaquddin.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2903, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.luan.contact"; dns.query; content:"dns1.luan.contact"; nocase; fast_pattern; classtype:bad-unknown; sid:27991110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2904, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alpha-dns.de"; dns.query; content:"alpha-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2905, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.alpha-dns.de"; dns.query; content:"www.alpha-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2906, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcornet.freeboxos.fr"; dns.query; content:"pcornet.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2907, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.koshonsa.fr"; dns.query; content:"adguard.koshonsa.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2908, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roc.net.sys.of.icu"; dns.query; content:"roc.net.sys.of.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2909, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.apemlegit.my.id"; dns.query; content:"d.apemlegit.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2910, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-sv-id01.aucnier.my.id"; dns.query; content:"dns-sv-id01.aucnier.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2911, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.gms.net.id"; dns.query; content:"dns2.gms.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2912, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dub.r.rnet.ie"; dns.query; content:"dub.r.rnet.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27991119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2913, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.technovus.in"; dns.query; content:"adblock.technovus.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2914, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.isteal.info"; dns.query; content:"dns.isteal.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2915, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lops.lol"; dns.query; content:"lops.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27991122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2916, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for toaster.lol"; dns.query; content:"toaster.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27991123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2917, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sink.nolo.ltd"; dns.query; content:"sink.nolo.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2918, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns53.dipen.me"; dns.query; content:"dns53.dipen.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2919, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dscloud.me"; dns.query; content:"doh.dscloud.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2920, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dgca.myds.me"; dns.query; content:"dgca.myds.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2921, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.noad.me"; dns.query; content:"dns.noad.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2922, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.redroot.me"; dns.query; content:"dns.redroot.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2923, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for airmaxcloud.ml"; dns.query; content:"airmaxcloud.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2924, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rml.mobi"; dns.query; content:"rml.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27991131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2925, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard.kozich.net"; dns.query; content:"dns.adguard.kozich.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2926, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.kreonet.net"; dns.query; content:"adns.kreonet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2927, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-2.nashkan.net"; dns.query; content:"de-fsn-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2928, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for streltsov.net"; dns.query; content:"streltsov.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2929, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.streltsov.net"; dns.query; content:"www.streltsov.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2930, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.niub.one"; dns.query; content:"dns2.niub.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2931, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jatadguardhome.duckdns.org"; dns.query; content:"jatadguardhome.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2932, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgpcloud.duckdns.org"; dns.query; content:"sgpcloud.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2933, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tw2.duckdns.org"; dns.query; content:"tw2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2934, updated_at 2022_12_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-dns.hoover.eu.org"; dns.query; content:"doh-dns.hoover.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2935, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.frankslabs.org"; dns.query; content:"dns.frankslabs.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2936, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-passage.9273082020.ru"; dns.query; content:"de-passage.9273082020.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2937, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.randomaizer.lentel.ru"; dns.query; content:"adguard.randomaizer.lentel.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2938, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jaye.sh"; dns.query; content:"jaye.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2939, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stream.securely.sh"; dns.query; content:"stream.securely.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2940, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arespctw.tk"; dns.query; content:"arespctw.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2941, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jupiter1013.tk"; dns.query; content:"jupiter1013.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2942, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trojan.nowave.top"; dns.query; content:"trojan.nowave.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2943, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.marcbond.uk"; dns.query; content:"dns.marcbond.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2944, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 16112021.xyz"; dns.query; content:"16112021.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2945, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hole.elbschloss.xyz"; dns.query; content:"hole.elbschloss.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2946, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roboticsbenchmarking.xyz"; dns.query; content:"roboticsbenchmarking.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2947, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for in-dns.sanselva.xyz"; dns.query; content:"in-dns.sanselva.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2948, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ublock-dns-resolver-02.northeurope.cloudapp.azure.com"; dns.query; content:"ublock-dns-resolver-02.northeurope.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2949, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for disbish.com"; dns.query; content:"disbish.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2950, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hostedadguard.greatharts.com"; dns.query; content:"hostedadguard.greatharts.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2951, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hakutakucn.com"; dns.query; content:"dns.hakutakucn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2952, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.imaicool.com"; dns.query; content:"dns.imaicool.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2953, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd.loukky.com"; dns.query; content:"ddd.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2954, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mikewaddick.com"; dns.query; content:"mikewaddick.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2955, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for walker.mynetgear.com"; dns.query; content:"walker.mynetgear.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2956, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for prvt-room.com"; dns.query; content:"prvt-room.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2957, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3krkr.tonedtanya.com"; dns.query; content:"3krkr.tonedtanya.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2958, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.betamax65.de"; dns.query; content:"adguard.betamax65.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2959, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myhottiemama.de"; dns.query; content:"myhottiemama.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2960, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sbdns.co.in"; dns.query; content:"sbdns.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2961, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.bruckmoser.it"; dns.query; content:"home.bruckmoser.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2962, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gusdns.ddns.me"; dns.query; content:"gusdns.ddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2963, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pakuchi-tree.ml"; dns.query; content:"dns.pakuchi-tree.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2964, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.luotianyi.net"; dns.query; content:"dns.luotianyi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2965, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.norgan.net"; dns.query; content:"dns.norgan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2966, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ginnungagap.rabenhain.net"; dns.query; content:"ginnungagap.rabenhain.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2967, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tomitomix.net"; dns.query; content:"dns.tomitomix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2968, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2dns.duckdns.org"; dns.query; content:"2dns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2969, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dmr.pw"; dns.query; content:"dns.dmr.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2970, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ar777trg.tech"; dns.query; content:"adguard.ar777trg.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2971, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chinh.tk"; dns.query; content:"dns.chinh.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2972, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-dns.cattery.work"; dns.query; content:"hk-dns.cattery.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2973, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.linkr.ninja"; dns.query; content:"dns.linkr.ninja"; nocase; fast_pattern; classtype:bad-unknown; sid:27991180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2975, updated_at 2023_11_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d4d.moe"; dns.query; content:"dns.d4d.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2976, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ha-dvin.pp.ua"; dns.query; content:"dns.ha-dvin.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2977, updated_at 2023_05_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ihctw.synology.me"; dns.query; content:"ihctw.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2978, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.invisv.com"; dns.query; content:"dns.invisv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2979, updated_at 2023_06_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shuting.idv.tw"; dns.query; content:"adguard.shuting.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2981, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.southam.family"; dns.query; content:"doh.southam.family"; nocase; fast_pattern; classtype:bad-unknown; sid:27991186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2982, updated_at 2023_02_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.youni.win"; dns.query; content:"dns.youni.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2983, updated_at 2023_09_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.zephyrus.id"; dns.query; content:"doh.zephyrus.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2984, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.familiamichels.com.br"; dns.query; content:"dns.familiamichels.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2993, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-ext.familiamichels.com.br"; dns.query; content:"dns-ext.familiamichels.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2994, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2poi.com"; dns.query; content:"dns.2poi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2995, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bluestarnc.com"; dns.query; content:"dns.bluestarnc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2996, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gusald.com"; dns.query; content:"gusald.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2997, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nguyendn.com"; dns.query; content:"dns.nguyendn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2999, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nzcow.com"; dns.query; content:"dns2.nzcow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3000, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tycholaz.com"; dns.query; content:"dns.tycholaz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3001, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atlantic.dyn1.de"; dns.query; content:"atlantic.dyn1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3002, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for onlyaltf4.de"; dns.query; content:"onlyaltf4.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3003, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.piriot.de"; dns.query; content:"dns.piriot.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3004, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shalenkov.dev"; dns.query; content:"shalenkov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3005, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vasaweb.eu"; dns.query; content:"dns.vasaweb.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3006, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.spok.fun"; dns.query; content:"dns.spok.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3008, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.anir0y.in"; dns.query; content:"dot.anir0y.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3010, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for findmethedns.info"; dns.query; content:"findmethedns.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3011, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lorc17-dns.komeho.info"; dns.query; content:"lorc17-dns.komeho.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3012, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for intertop.link"; dns.query; content:"intertop.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3013, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for notgoogle.mobi"; dns.query; content:"notgoogle.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27991207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3015, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.1899.com.mx"; dns.query; content:"ns1.1899.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3016, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cvt-ic-us-adns-001.clearviewtechnology.net"; dns.query; content:"cvt-ic-us-adns-001.clearviewtechnology.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3017, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas302.ddns.net"; dns.query; content:"nas302.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3018, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for premiumtier-network.instadart.net"; dns.query; content:"premiumtier-network.instadart.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3019, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-12.nashkan.net"; dns.query; content:"de-fsn-w-12.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3020, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-nue-w-1.nashkan.net"; dns.query; content:"de-nue-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3021, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ofdoom.net"; dns.query; content:"dns.ofdoom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3022, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-i-5.tegant.net"; dns.query; content:"de-fsn-i-5.tegant.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3023, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for waguns.net"; dns.query; content:"waguns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3024, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns9999.duckdns.org"; dns.query; content:"dns9999.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3025, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privado.ovh"; dns.query; content:"dns.privado.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3026, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1dx.ru"; dns.query; content:"1dx.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3027, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-adguard.ru"; dns.query; content:"dns-adguard.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3028, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for elshad-adgh-dns.ru"; dns.query; content:"elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3029, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for autodiscover.elshad-adgh-dns.ru"; dns.query; content:"autodiscover.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3030, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.elshad-adgh-dns.ru"; dns.query; content:"mail.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3031, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for owa.elshad-adgh-dns.ru"; dns.query; content:"owa.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3032, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.elshad-adgh-dns.ru"; dns.query; content:"www.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3033, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iamninja.ru"; dns.query; content:"dns.iamninja.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3034, updated_at 2023_10_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muxyuji.ru"; dns.query; content:"muxyuji.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3035, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.muxyuji.ru"; dns.query; content:"www.muxyuji.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3036, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.titan.stream"; dns.query; content:"adguard.titan.stream"; nocase; fast_pattern; classtype:bad-unknown; sid:27991229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3037, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxy.titan.stream"; dns.query; content:"proxy.titan.stream"; nocase; fast_pattern; classtype:bad-unknown; sid:27991230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3038, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mtnh.tk"; dns.query; content:"dns.mtnh.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3039, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for saikoudns.tk"; dns.query; content:"saikoudns.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3040, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for suanr.top"; dns.query; content:"suanr.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3041, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.erw.cc"; dns.query; content:"hk.erw.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3052, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns140.zhhz.cc"; dns.query; content:"dns140.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3053, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.cf"; dns.query; content:"ychen.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3054, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dsns.cloud"; dns.query; content:"adguard.dsns.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3055, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bcsmts.com"; dns.query; content:"bcsmts.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3056, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bonishomenetwork.com"; dns.query; content:"bonishomenetwork.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3057, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cuehosting.com"; dns.query; content:"dns.cuehosting.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3058, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ellichua.com"; dns.query; content:"dns.ellichua.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3059, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for incaseineeditoneday.com"; dns.query; content:"incaseineeditoneday.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3060, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.incaseineeditoneday.com"; dns.query; content:"www.incaseineeditoneday.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3061, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.mangosysdns.com"; dns.query; content:"hk.mangosysdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3062, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for matthias-prost.com"; dns.query; content:"matthias-prost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3063, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nayemador.com"; dns.query; content:"dns.nayemador.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3064, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uranus.plonknet.com"; dns.query; content:"uranus.plonknet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3065, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.reachburt.com"; dns.query; content:"dns2.reachburt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3066, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tk31z.com"; dns.query; content:"tk31z.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3067, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohdododo.tonedtanya.com"; dns.query; content:"dohdododo.tonedtanya.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3068, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for go10go10.tonedtanya.com"; dns.query; content:"go10go10.tonedtanya.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3069, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yovbak.com"; dns.query; content:"yovbak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3070, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru2.vnetwork.cyou"; dns.query; content:"ru2.vnetwork.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27991253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3071, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.luwei.date"; dns.query; content:"d.luwei.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27991254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3072, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.novali.date"; dns.query; content:"dns.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27991255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3073, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.novali.date"; dns.query; content:"us.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27991256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3074, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for flumuffel.de"; dns.query; content:"flumuffel.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3075, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.marcrnt.de"; dns.query; content:"home.marcrnt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3076, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mjanson.de"; dns.query; content:"adguard.mjanson.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3077, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.adrianion.eu"; dns.query; content:"dns1.adrianion.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3078, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.ga"; dns.query; content:"ychen.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3079, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neo.esbpcs.my.id"; dns.query; content:"neo.esbpcs.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3080, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1b.ns.ozer.im"; dns.query; content:"1b.ns.ozer.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27991263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3081, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for penimofe.in"; dns.query; content:"penimofe.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3082, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.aflr.io"; dns.query; content:"blackhole.aflr.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3083, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaans.io"; dns.query; content:"kaans.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3084, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-secure.wifire.it"; dns.query; content:"dns-secure.wifire.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3085, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.khanhtran.me"; dns.query; content:"dns.khanhtran.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3086, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rjls.me"; dns.query; content:"dns.rjls.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3087, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for soncms.me"; dns.query; content:"soncms.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3088, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c4.ownvps.ml"; dns.query; content:"c4.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3089, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud6.ownvps.ml"; dns.query; content:"cloud6.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3090, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vaguthu.mv"; dns.query; content:"dns.vaguthu.mv"; nocase; fast_pattern; classtype:bad-unknown; sid:27991273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3092, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 4dscape.net"; dns.query; content:"4dscape.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3093, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testadguardhome.adtidy.net"; dns.query; content:"testadguardhome.adtidy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3094, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.borgwardtech.net"; dns.query; content:"adguard.borgwardtech.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3095, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akhil.ddns.net"; dns.query; content:"akhil.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3096, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nathor.ddns.net"; dns.query; content:"nathor.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3097, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ngc0226.ddns.net"; dns.query; content:"ngc0226.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3098, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blocker.dekugon.net"; dns.query; content:"blocker.dekugon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3099, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 94169.ip-ns.net"; dns.query; content:"94169.ip-ns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3100, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-o-1.nashkan.net"; dns.query; content:"de-fsn-o-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3101, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mos-w-1.nashkan.net"; dns.query; content:"ru-mos-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3102, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-4.nashkan.net"; dns.query; content:"sg-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3103, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noadsapp.net"; dns.query; content:"noadsapp.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3104, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darya.persiannit.net"; dns.query; content:"darya.persiannit.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3105, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.wewitro.net"; dns.query; content:"dot.wewitro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3106, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.taterdns.nl"; dns.query; content:"dns1.taterdns.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3108, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bdns.one"; dns.query; content:"bdns.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3109, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.karl.one"; dns.query; content:"dns.karl.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3111, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.karl.one"; dns.query; content:"server01.karl.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3112, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lekdijk.online"; dns.query; content:"lekdijk.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3113, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for externalmobiel.lekdijk.online"; dns.query; content:"externalmobiel.lekdijk.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3114, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for piholeddns.duckdns.org"; dns.query; content:"piholeddns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3115, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.dankatapich.eu.org"; dns.query; content:"adg.dankatapich.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3116, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dislike.eu.org"; dns.query; content:"dislike.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3117, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.superbest.eu.org"; dns.query; content:"adguard.superbest.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3118, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.f-bg.org"; dns.query; content:"dns.f-bg.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3119, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.ral9005.org"; dns.query; content:"ns.ral9005.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3120, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dn5.talesam.org"; dns.query; content:"dn5.talesam.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3121, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privdns0022.securehost.ovh"; dns.query; content:"privdns0022.securehost.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3122, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fk4mil.pl"; dns.query; content:"fk4mil.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3123, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for colean.go.ro"; dns.query; content:"colean.go.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3124, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.onlinetools.rocks"; dns.query; content:"adns.onlinetools.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27991304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3125, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an81dns.ru"; dns.query; content:"an81dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3126, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ilcha.ru"; dns.query; content:"ilcha.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3127, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for piserver.ru"; dns.query; content:"piserver.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3128, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agafon.site"; dns.query; content:"agafon.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3129, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.agafon.site"; dns.query; content:"www.agafon.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3130, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for groupy.su"; dns.query; content:"groupy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27991310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3131, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ducphuclee.tech"; dns.query; content:"ducphuclee.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3132, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sj2.2333www.tk"; dns.query; content:"sj2.2333www.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3133, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chertila.tk"; dns.query; content:"chertila.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3134, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for palazzoddns.tk"; dns.query; content:"palazzoddns.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3135, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.wisw.tk"; dns.query; content:"us.wisw.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3136, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zxcvb.pp.ua"; dns.query; content:"zxcvb.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3138, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frontpace.us"; dns.query; content:"frontpace.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3139, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hoarfox.us"; dns.query; content:"hoarfox.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3140, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cs42.xyz"; dns.query; content:"cs42.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3142, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.febryandana.xyz"; dns.query; content:"dns.febryandana.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3143, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shadowhouses-dns.xyz"; dns.query; content:"shadowhouses-dns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3144, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for killads.vpms.xyz"; dns.query; content:"killads.vpms.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3145, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for funti.cc"; dns.query; content:"funti.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3147, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cc.3eto.com"; dns.query; content:"cc.3eto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3148, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cnbeining.com"; dns.query; content:"adguard.cnbeining.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3149, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cwlys.com"; dns.query; content:"dns.cwlys.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3150, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.jjlizz.com"; dns.query; content:"cloud.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3151, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 003.tisyang.com"; dns.query; content:"003.tisyang.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3152, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.schlikow.de"; dns.query; content:"adguard.schlikow.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3153, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.supercluster.io"; dns.query; content:"dns.supercluster.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3154, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.altairzone.it"; dns.query; content:"dns.altairzone.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3155, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for towanda.camtechnology.it"; dns.query; content:"towanda.camtechnology.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3156, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.jij.kr"; dns.query; content:"a.jij.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3157, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ldrk-dns.link"; dns.query; content:"ldrk-dns.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3158, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kumar-abhishek.me"; dns.query; content:"dns.kumar-abhishek.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3159, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.schwaab.me"; dns.query; content:"dns.schwaab.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3160, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for overwatch.ddns.net"; dns.query; content:"overwatch.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3161, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-2.nashkan.net"; dns.query; content:"fi-hel-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3162, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.webstor.net"; dns.query; content:"dns.webstor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3163, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.ttdd.one"; dns.query; content:"ad.ttdd.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3164, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ocl.smaccs.site"; dns.query; content:"ocl.smaccs.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3165, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.halvez.top"; dns.query; content:"dns.halvez.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3166, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s.101818.xyz"; dns.query; content:"s.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3167, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mia.eyecay.xyz"; dns.query; content:"mia.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3168, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.intellsystemworld.xyz"; dns.query; content:"us1.intellsystemworld.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3169, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.opnsource.com.au"; dns.query; content:"dns.opnsource.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3170, updated_at 2023_08_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.joaofidelix.com.br"; dns.query; content:"dns.joaofidelix.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3171, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.onedns.cc"; dns.query; content:"secure.onedns.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3172, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for duyyen.cf"; dns.query; content:"duyyen.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3173, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.firefenix.cf"; dns.query; content:"dns.firefenix.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3174, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.firefenix.cf"; dns.query; content:"home.firefenix.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3175, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seedboxhome.firefenix.cf"; dns.query; content:"seedboxhome.firefenix.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3176, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.rouga.ch"; dns.query; content:"adguard-dns.rouga.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3177, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.h0schi.cloud"; dns.query; content:"dns.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3178, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.eswan.club"; dns.query; content:"adg.eswan.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3179, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usser.52huameng.com"; dns.query; content:"usser.52huameng.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3180, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.idsam.com"; dns.query; content:"dns.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3181, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s.idsam.com"; dns.query; content:"s.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3182, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ikataruto.com"; dns.query; content:"dns.ikataruto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3183, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.dns.ikataruto.com"; dns.query; content:"jp.dns.ikataruto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3184, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itcosc.com"; dns.query; content:"dns.itcosc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3185, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for live.jjlizz.com"; dns.query; content:"live.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3186, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsfr.markovskilab.com"; dns.query; content:"dnsfr.markovskilab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3187, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moonssif.com"; dns.query; content:"dns.moonssif.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3188, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myadguardhome.com"; dns.query; content:"myadguardhome.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3189, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnx.niko-sem.com"; dns.query; content:"dnx.niko-sem.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3190, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ryanleek.com"; dns.query; content:"adguard.ryanleek.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3191, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tuankhaiit.com"; dns.query; content:"dns.tuankhaiit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3192, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zacharymeadors.com"; dns.query; content:"dns.zacharymeadors.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3193, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.capypara.de"; dns.query; content:"blackhole.capypara.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3194, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tmkis-dns.de"; dns.query; content:"tmkis-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3195, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.de-grove.eu"; dns.query; content:"dns.de-grove.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3196, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eknetwork.eu"; dns.query; content:"dns.eknetwork.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3197, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.klcd.eu"; dns.query; content:"dns1.klcd.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3198, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.octoworld.fr"; dns.query; content:"dns.octoworld.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3199, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.quentin-stoeckel.fr"; dns.query; content:"home.quentin-stoeckel.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3200, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d2.shabi.icu"; dns.query; content:"d2.shabi.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3201, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.nods.in"; dns.query; content:"ad.nods.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3202, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudan88.synology.me"; dns.query; content:"cloudan88.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3203, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.anoogohost.net"; dns.query; content:"dns.anoogohost.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3204, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cybereager.net"; dns.query; content:"dns.cybereager.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3205, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dltkhn01.ddns.net"; dns.query; content:"dltkhn01.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3206, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.grusdas.net"; dns.query; content:"dns.grusdas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3207, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jpjb.net"; dns.query; content:"adguard.jpjb.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3208, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-1.nashkan.net"; dns.query; content:"ae-fuj-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3209, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-sbg-w-4.nashkan.net"; dns.query; content:"fr-sbg-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3210, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.bit-trail.nl"; dns.query; content:"ns3.bit-trail.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3211, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for admin.dotls.org"; dns.query; content:"admin.dotls.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3212, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for germvpnguard.duckdns.org"; dns.query; content:"germvpnguard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3213, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jurre-home.duckdns.org"; dns.query; content:"jurre-home.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3214, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for osefcorp.duckdns.org"; dns.query; content:"osefcorp.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3215, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn-dns-adsblocker.duckdns.org"; dns.query; content:"vpn-dns-adsblocker.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3216, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xthwo.duckdns.org"; dns.query; content:"xthwo.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3217, updated_at 2023_03_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keithchung.hopto.org"; dns.query; content:"keithchung.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3218, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kaytek.org"; dns.query; content:"adguard.kaytek.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3219, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dart.kpsn.org"; dns.query; content:"dart.kpsn.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3220, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fwgw.orangepipc.mywire.org"; dns.query; content:"fwgw.orangepipc.mywire.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3221, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.timefine.org"; dns.query; content:"ad.timefine.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3222, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.vokuev.org"; dns.query; content:"vpn.vokuev.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3223, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.buck.ovh"; dns.query; content:"block.buck.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3224, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stalent.ovh"; dns.query; content:"stalent.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3225, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for msxnet.ru"; dns.query; content:"msxnet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3226, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.msxnet.ru"; dns.query; content:"dns.msxnet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3227, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ronc.ru"; dns.query; content:"dns.ronc.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3228, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asdfcomparator.tk"; dns.query; content:"asdfcomparator.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3229, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.magnon-box.tk"; dns.query; content:"dns.magnon-box.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3230, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aikiquare.top"; dns.query; content:"aikiquare.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3231, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bb.jason666.top"; dns.query; content:"bb.jason666.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3232, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ds.free.svipss.top"; dns.query; content:"ds.free.svipss.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3233, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pop.novacia.com.ua"; dns.query; content:"pop.novacia.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3234, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sergeykobzar.com.ua"; dns.query; content:"sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3235, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.sergeykobzar.com.ua"; dns.query; content:"www.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3236, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pp.ua"; dns.query; content:"adguard.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3237, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gruppo.pp.ua"; dns.query; content:"gruppo.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3238, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.4nas.win"; dns.query; content:"dot.4nas.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3239, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d94.xyz"; dns.query; content:"dns.d94.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3240, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.haoxuan.xyz"; dns.query; content:"dns.haoxuan.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3241, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nexen.cloud"; dns.query; content:"doh.nexen.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3244, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.l2h8.cn"; dns.query; content:"dns.l2h8.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3245, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.halimdaud.com"; dns.query; content:"agh.halimdaud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3246, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kennethhuang.com"; dns.query; content:"kennethhuang.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3247, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.p55k.com"; dns.query; content:"dns.p55k.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3248, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.luan.contact"; dns.query; content:"dns.luan.contact"; nocase; fast_pattern; classtype:bad-unknown; sid:27991423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3249, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.zitronen-server.de"; dns.query; content:"adguard01.zitronen-server.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3250, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.abgnetwork.es"; dns.query; content:"vps.abgnetwork.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3251, updated_at 2023_01_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.11i.eu"; dns.query; content:"2.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3252, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lilibox.freeboxos.fr"; dns.query; content:"lilibox.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3253, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn0109.voodonline.fr"; dns.query; content:"vpn0109.voodonline.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3254, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcgo.fun"; dns.query; content:"pcgo.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3255, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vmath.my.id"; dns.query; content:"dns.vmath.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3256, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.workfordemo.co.in"; dns.query; content:"agh.workfordemo.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3257, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.vinc.me"; dns.query; content:"dns2.vinc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3258, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.lfac.ml"; dns.query; content:"dns2.lfac.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3259, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c1.ownvps.ml"; dns.query; content:"c1.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3260, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nicktruehome.ddns.net"; dns.query; content:"nicktruehome.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3261, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.feiyuyu.net"; dns.query; content:"dns.feiyuyu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3262, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lilibox.duckdns.org"; dns.query; content:"lilibox.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3263, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi.homeanywhere.org"; dns.query; content:"pi.homeanywhere.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3264, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keithchunguat.hopto.org"; dns.query; content:"keithchunguat.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3265, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akdns.xyz"; dns.query; content:"akdns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3266, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ovpn.bond"; dns.query; content:"dns.ovpn.bond"; nocase; fast_pattern; classtype:bad-unknown; sid:27991441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3268, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mokocup.cf"; dns.query; content:"adguard.mokocup.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3269, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for timothytimothy.cf"; dns.query; content:"timothytimothy.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3270, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.timothytimothy.cf"; dns.query; content:"www.timothytimothy.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3271, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-guard1.cryptroute.com"; dns.query; content:"dns-guard1.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3272, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an.kanahanazawa.com"; dns.query; content:"an.kanahanazawa.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3273, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mx1.laoxiao789.com"; dns.query; content:"mx1.laoxiao789.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3274, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for msr177.com"; dns.query; content:"msr177.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3275, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for out.neofion.com"; dns.query; content:"out.neofion.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3276, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qwkurl.com"; dns.query; content:"dns.qwkurl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3277, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rodovatech.com"; dns.query; content:"dns.rodovatech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3278, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for whatcaniplay.com"; dns.query; content:"whatcaniplay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3279, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.whatcaniplay.com"; dns.query; content:"dns.whatcaniplay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3280, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv5.jiripocta.cz"; dns.query; content:"srv5.jiripocta.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3281, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2t9.de"; dns.query; content:"dns.2t9.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3282, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.dev"; dns.query; content:"adguardhome.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3283, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for korzhov.dev"; dns.query; content:"korzhov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3284, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for garanphomai.ga"; dns.query; content:"garanphomai.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3285, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aucnier.my.id"; dns.query; content:"aucnier.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3286, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for libye.in"; dns.query; content:"libye.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3287, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.bielperes.me"; dns.query; content:"mydns.bielperes.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3289, updated_at 2023_03_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cintra.ml"; dns.query; content:"cintra.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3290, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.freegod.ml"; dns.query; content:"doh.freegod.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3291, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vmi880423.contaboserver.net"; dns.query; content:"vmi880423.contaboserver.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3292, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sinamease.net"; dns.query; content:"sinamease.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3293, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.techcpu.net"; dns.query; content:"dns.techcpu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3294, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.clawsucht.nrw"; dns.query; content:"adguard.clawsucht.nrw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3295, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fcpsunleashed.org"; dns.query; content:"fcpsunleashed.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3296, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for connect.fcpsunleashed.org"; dns.query; content:"connect.fcpsunleashed.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3297, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for internal.fcpsunleashed.org"; dns.query; content:"internal.fcpsunleashed.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3298, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for manage.fcpsunleashed.org"; dns.query; content:"manage.fcpsunleashed.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3299, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ociamd1.fatucloud.gosprout.org"; dns.query; content:"ociamd1.fatucloud.gosprout.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3300, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test.fatucloud.gosprout.org"; dns.query; content:"test.fatucloud.gosprout.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3301, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.panszelescik.pl"; dns.query; content:"dns.panszelescik.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3302, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.piekacz.pl"; dns.query; content:"adguard.piekacz.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3303, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eaereaper.ru"; dns.query; content:"eaereaper.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3304, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.eaereaper.ru"; dns.query; content:"www.eaereaper.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3305, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdvizhkov.ru"; dns.query; content:"sdvizhkov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3306, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.miaouu.top"; dns.query; content:"ad.miaouu.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3307, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fc.idv.tw"; dns.query; content:"dns.fc.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3308, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gauss.pp.ua"; dns.query; content:"gauss.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3309, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.n3120.wang"; dns.query; content:"dns2.n3120.wang"; nocase; fast_pattern; classtype:bad-unknown; sid:27991482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3310, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for daswieddodeushtuhaw.xyz"; dns.query; content:"daswieddodeushtuhaw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3311, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.gosami.xyz"; dns.query; content:"vpn.gosami.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3312, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aquilenet.fr"; dns.query; content:"dns.aquilenet.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3313, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flymc.cc"; dns.query; content:"dns.flymc.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3316, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privacy.cm"; dns.query; content:"dns.privacy.cm"; nocase; fast_pattern; classtype:bad-unknown; sid:27991487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3317, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rilaic-multi.daonidc.com"; dns.query; content:"rilaic-multi.daonidc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3318, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x.ns1net.com"; dns.query; content:"x.ns1net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3319, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gaia.plonknet.com"; dns.query; content:"gaia.plonknet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3320, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agp01.tek411.com"; dns.query; content:"agp01.tek411.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3321, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.toairs.com"; dns.query; content:"d.toairs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3322, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wydler.eu"; dns.query; content:"adguard.wydler.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3323, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.wydler.eu"; dns.query; content:"adguard01.wydler.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3324, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for horne.haus"; dns.query; content:"horne.haus"; nocase; fast_pattern; classtype:bad-unknown; sid:27991495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3325, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gaharchat.my.id"; dns.query; content:"gaharchat.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3326, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.n23.io"; dns.query; content:"dns.n23.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3327, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.abstergo.it"; dns.query; content:"block.abstergo.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3328, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o1.lt"; dns.query; content:"o1.lt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3329, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iblockads.net"; dns.query; content:"dns.iblockads.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3330, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lt-vil-w-2.nashkan.net"; dns.query; content:"lt-vil-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3331, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tuandns.duckdns.org"; dns.query; content:"tuandns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3332, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudns.bosco.ovh"; dns.query; content:"cloudns.bosco.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3333, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ant.dns.qwer.pw"; dns.query; content:"ant.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3334, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bacer.msk.ru"; dns.query; content:"bacer.msk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3335, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for name.my-station.ru"; dns.query; content:"name.my-station.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3336, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shield.afixer.app"; dns.query; content:"shield.afixer.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3339, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tlz.asia"; dns.query; content:"tlz.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3340, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.tlz.asia"; dns.query; content:"www.tlz.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3341, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lrdnet.cf"; dns.query; content:"dns.lrdnet.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3342, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for meudns.minhacasainteligente.cf"; dns.query; content:"meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3343, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for elc.meudns.minhacasainteligente.cf"; dns.query; content:"elc.meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3344, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lmz.meudns.minhacasainteligente.cf"; dns.query; content:"lmz.meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3345, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mbz.meudns.minhacasainteligente.cf"; dns.query; content:"mbz.meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3346, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tbl.meudns.minhacasainteligente.cf"; dns.query; content:"tbl.meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3347, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for as17820865.click"; dns.query; content:"as17820865.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27991516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3348, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bluewall.cloud"; dns.query; content:"bluewall.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3349, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lighthouse.rycerz.cloud"; dns.query; content:"lighthouse.rycerz.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3350, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zkz.cloud"; dns.query; content:"dns.zkz.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3351, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.5ososea.com"; dns.query; content:"family.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3352, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.afastserver.com"; dns.query; content:"dns2.afastserver.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3353, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chaos.altendorfme.com"; dns.query; content:"chaos.altendorfme.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3354, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cloud-sekeng.com"; dns.query; content:"doh.cloud-sekeng.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3355, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.crownor.com"; dns.query; content:"dns.crownor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3356, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.idsam.com"; dns.query; content:"dns1.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3357, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tv.jjlizz.com"; dns.query; content:"tv.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3358, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asgard.maximegw.com"; dns.query; content:"asgard.maximegw.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3359, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.osmenoga.com"; dns.query; content:"dns.osmenoga.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3360, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o.rsaikat.com"; dns.query; content:"o.rsaikat.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3361, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thisismydns.cyou"; dns.query; content:"thisismydns.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27991530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3362, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.frece.de"; dns.query; content:"adguard2.frece.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3363, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve2.srv-pro.de"; dns.query; content:"resolve2.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3364, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.wriedts.de"; dns.query; content:"home.wriedts.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3365, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.applewebkit.dev"; dns.query; content:"dns.applewebkit.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3366, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jucker.engineering"; dns.query; content:"dns.jucker.engineering"; nocase; fast_pattern; classtype:bad-unknown; sid:27991535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3367, updated_at 2023_07_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for marginnote.ga"; dns.query; content:"marginnote.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3369, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.futa.gg"; dns.query; content:"dot.futa.gg"; nocase; fast_pattern; classtype:bad-unknown; sid:27991537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3370, updated_at 2023_08_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dmit.xxxxxxxxx.gq"; dns.query; content:"dmit.xxxxxxxxx.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27991538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3371, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serayadns.my.id"; dns.query; content:"serayadns.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3372, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maddino.dedyn.io"; dns.query; content:"maddino.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3373, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xiaolong.link"; dns.query; content:"xiaolong.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3374, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ch01adguardho.me"; dns.query; content:"ch01adguardho.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3375, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for emmmmm.me"; dns.query; content:"emmmmm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3376, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yitest.synology.me"; dns.query; content:"yitest.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3377, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an81.ddns.net"; dns.query; content:"an81.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3378, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asbordns.ddns.net"; dns.query; content:"asbordns.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3379, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ccadguard.ddns.net"; dns.query; content:"ccadguard.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3380, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pqh.ddns.net"; dns.query; content:"pqh.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3381, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for riverboat6228.ddns.net"; dns.query; content:"riverboat6228.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3382, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.leadmon.net"; dns.query; content:"adguard1.leadmon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3383, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.leadmon.net"; dns.query; content:"adguard2.leadmon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3384, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-bir-w-1.nashkan.net"; dns.query; content:"gb-bir-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3385, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-5.nashkan.net"; dns.query; content:"gb-lon-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3386, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-nyc-w-3.nashkan.net"; dns.query; content:"us-nyc-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3387, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for za-joh-w-2.nashkan.net"; dns.query; content:"za-joh-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3388, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sachink.net"; dns.query; content:"dns.sachink.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3389, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for virmamp33.sytes.net"; dns.query; content:"virmamp33.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3390, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thierryserver.nl"; dns.query; content:"dns.thierryserver.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3391, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secureadguarddns.charleslondon.online"; dns.query; content:"secureadguarddns.charleslondon.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3392, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock-larssonshus.duckdns.org"; dns.query; content:"adblock-larssonshus.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3393, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ninny.duckdns.org"; dns.query; content:"ninny.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3394, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1461642.hosted-by-vdsina.ru"; dns.query; content:"v1461642.hosted-by-vdsina.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3395, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bw.i81.ru"; dns.query; content:"bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3396, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bw.i81.ru"; dns.query; content:"dns.bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3397, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.bw.i81.ru"; dns.query; content:"igor.bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3398, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.bw.i81.ru"; dns.query; content:"kotys.bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3399, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fb.i81.ru"; dns.query; content:"fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3400, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.fb.i81.ru"; dns.query; content:"alisa.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3401, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fb.i81.ru"; dns.query; content:"dns.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3402, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.fb.i81.ru"; dns.query; content:"igor.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3403, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.fb.i81.ru"; dns.query; content:"kotys.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3404, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.fb.i81.ru"; dns.query; content:"luba.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3405, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.fb.i81.ru"; dns.query; content:"olga.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3406, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.fb.i81.ru"; dns.query; content:"vova.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3407, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.0rz.space"; dns.query; content:"1.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3408, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.0rz.space"; dns.query; content:"2.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3409, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for paskam.tk"; dns.query; content:"paskam.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3410, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.paskam.tk"; dns.query; content:"www.paskam.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3411, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.sufly.top"; dns.query; content:"www.sufly.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3412, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls.jackyhou.idv.tw"; dns.query; content:"tls.jackyhou.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3413, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for brb.pp.ua"; dns.query; content:"brb.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3414, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for planty.ddns.us"; dns.query; content:"planty.ddns.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3415, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hellwishdnsservers.work"; dns.query; content:"hellwishdnsservers.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3416, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andrewnw.xyz"; dns.query; content:"andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3417, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.andrewnw.xyz"; dns.query; content:"dns.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3418, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for git.andrewnw.xyz"; dns.query; content:"git.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3419, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.andrewnw.xyz"; dns.query; content:"mail.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3420, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.andrewnw.xyz"; dns.query; content:"www.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3421, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maolaohei.xyz"; dns.query; content:"dns.maolaohei.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3422, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.ssy123.xyz"; dns.query; content:"adg.ssy123.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3423, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.h0schi.cloud"; dns.query; content:"dns3.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3424, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atarikid.com"; dns.query; content:"atarikid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3425, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bobstrecansky.com"; dns.query; content:"bobstrecansky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3426, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bobstrecansky.com"; dns.query; content:"dns.bobstrecansky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3427, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gpchubjk.dnsfish.com"; dns.query; content:"gpchubjk.dnsfish.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3428, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nietostuff.com"; dns.query; content:"dns.nietostuff.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3429, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.plumedns.com"; dns.query; content:"adguard.plumedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3430, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for netherlands.plumedns.com"; dns.query; content:"netherlands.plumedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3431, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rjmva.com"; dns.query; content:"rjmva.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3432, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gu-dns.gugugu.cyou"; dns.query; content:"gu-dns.gugugu.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27991600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3433, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.meddy94.de"; dns.query; content:"adguard.meddy94.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3434, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.aws.ketan.dev"; dns.query; content:"pihole.aws.ketan.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3435, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pitnetdns.ga"; dns.query; content:"pitnetdns.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3436, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hee.ink"; dns.query; content:"dns.hee.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27991604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3437, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.hjk.me"; dns.query; content:"ns1.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3438, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vmi1067860.contaboserver.net"; dns.query; content:"vmi1067860.contaboserver.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3439, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.extrawdw.net"; dns.query; content:"dns.extrawdw.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3440, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nrt.public.gfwdns.net"; dns.query; content:"nrt.public.gfwdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3441, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sk-bra-w-1.nashkan.net"; dns.query; content:"sk-bra-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3442, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-la-w-5.nashkan.net"; dns.query; content:"us-la-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3443, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vault-101.net"; dns.query; content:"dns.vault-101.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3444, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unerror.network"; dns.query; content:"dns.unerror.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27991612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3445, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.dnsviewer.org"; dns.query; content:"ns.dnsviewer.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3446, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for automaton-mm1.duckdns.org"; dns.query; content:"automaton-mm1.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3447, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-primary.giaan.org"; dns.query; content:"dns-primary.giaan.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3448, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for varganet.org"; dns.query; content:"varganet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3449, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dubere.home.ro"; dns.query; content:"dubere.home.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3450, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server-beget.ru"; dns.query; content:"server-beget.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3451, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hopper.org.uk"; dns.query; content:"dns.hopper.org.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3452, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 214214214.xyz"; dns.query; content:"214214214.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3453, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chno.xyz"; dns.query; content:"chno.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3454, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ggrbb.xyz"; dns.query; content:"ggrbb.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3455, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ggrbb.xyz"; dns.query; content:"www.ggrbb.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3456, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle6.losfa.xyz"; dns.query; content:"oracle6.losfa.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3457, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xenergy.cc"; dns.query; content:"xenergy.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3459, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.velay.ch"; dns.query; content:"adguard.velay.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3460, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for daisukivn.asuscomm.com"; dns.query; content:"daisukivn.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3461, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ppfeufer.de"; dns.query; content:"adguard.ppfeufer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3462, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.sascha-triller.de"; dns.query; content:"block.sascha-triller.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3463, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.benpro.fr"; dns.query; content:"dns.benpro.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3464, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb.nods.in"; dns.query; content:"adb.nods.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3465, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goga7777777.bissnes.org"; dns.query; content:"goga7777777.bissnes.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3466, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fullaccesstointernet.int.eu.org"; dns.query; content:"fullaccesstointernet.int.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3467, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.ipsecloud.ru"; dns.query; content:"ad.ipsecloud.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3468, updated_at 2023_01_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fvpn.jarvishome.ru"; dns.query; content:"fvpn.jarvishome.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3469, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rassadnikov.ru"; dns.query; content:"dns.rassadnikov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3470, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ilker.se"; dns.query; content:"dns.ilker.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27991637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3471, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ftgfw.tk"; dns.query; content:"ftgfw.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3472, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-az2.cattery.work"; dns.query; content:"hk-az2.cattery.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3473, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdjdns.ajraspi.xyz"; dns.query; content:"rdjdns.ajraspi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3474, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for loli.sektehalodavid.click"; dns.query; content:"loli.sektehalodavid.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27991641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3475, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-secondary.cloudnx.cloud"; dns.query; content:"dns-secondary.cloudnx.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3476, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.comeonjames.club"; dns.query; content:"dns.comeonjames.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3477, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ef67daisuki.club"; dns.query; content:"adguard.ef67daisuki.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3478, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ahboy.asuscomm.com"; dns.query; content:"ahboy.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3479, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brightesttv.com"; dns.query; content:"dns.brightesttv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3480, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for encremento.com"; dns.query; content:"encremento.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3481, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ethernet.mxx.giize.com"; dns.query; content:"ethernet.mxx.giize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3482, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp01.just-a-web.com"; dns.query; content:"jp01.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3483, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for orau.lz0724.com"; dns.query; content:"orau.lz0724.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3484, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xx.ns1net.com"; dns.query; content:"xx.ns1net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3485, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sitdns.com"; dns.query; content:"sitdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3486, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.sitdns.com"; dns.query; content:"www.sitdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3487, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2raye.com"; dns.query; content:"v2raye.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3488, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wajon-dns.com"; dns.query; content:"wajon-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3489, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.williamlwu.com"; dns.query; content:"dns.williamlwu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3490, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darkness.is.my.waifu.cz"; dns.query; content:"darkness.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3491, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.filipccz.eu"; dns.query; content:"dns.filipccz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3492, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gando.fr"; dns.query; content:"dns.gando.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3493, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for soay38us0r7goa7.cmsdp.my.id"; dns.query; content:"soay38us0r7goa7.cmsdp.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3494, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.deekshith.in"; dns.query; content:"dns.deekshith.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3495, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jaym.in"; dns.query; content:"jaym.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3496, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for felipefalcao.me"; dns.query; content:"felipefalcao.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3497, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mgiptvpro.ml"; dns.query; content:"dns.mgiptvpro.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3498, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c3.ownvps.ml"; dns.query; content:"c3.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3499, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c5.ownvps.ml"; dns.query; content:"c5.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3500, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wdnts.ml"; dns.query; content:"dns.wdnts.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3501, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.1899.com.mx"; dns.query; content:"ns2.1899.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3502, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adl.adfilter.net"; dns.query; content:"adl.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3503, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.benmeyer.net"; dns.query; content:"adblock.benmeyer.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3504, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cybsurfnet.net"; dns.query; content:"adguard.cybsurfnet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3505, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frontpace.net"; dns.query; content:"frontpace.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3506, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mysys.net"; dns.query; content:"mysys.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3507, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-5.nashkan.net"; dns.query; content:"sg-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3508, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-dal-w-1.nashkan.net"; dns.query; content:"us-dal-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3509, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eweyo.duckdns.org"; dns.query; content:"eweyo.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3510, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for whax.eu.org"; dns.query; content:"whax.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3511, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.sillundil.ovh"; dns.query; content:"dot.sillundil.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3512, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for percival.empty.pw"; dns.query; content:"percival.empty.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3513, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ivanromanov.ru"; dns.query; content:"ivanromanov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3514, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ivanromanov.ru"; dns.query; content:"dns.ivanromanov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3515, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ivanromanov.ru"; dns.query; content:"www.ivanromanov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3516, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.tardishost.ru"; dns.query; content:"dns1.tardishost.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3517, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moog.sh"; dns.query; content:"dns.moog.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3518, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aavesh.tech"; dns.query; content:"adguard.aavesh.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3519, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.notggle.tk"; dns.query; content:"adguard.notggle.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3520, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yyqsite.top"; dns.query; content:"yyqsite.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3521, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.yyqsite.top"; dns.query; content:"www.yyqsite.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3522, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.alpo.pp.ua"; dns.query; content:"2.alpo.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3523, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.walshnet.co.uk"; dns.query; content:"dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3524, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.gaconsulting.com.au"; dns.query; content:"adguard2.gaconsulting.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3525, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.gugainfo.com.br"; dns.query; content:"blackhole.gugainfo.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3526, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardprimarydns.cf"; dns.query; content:"adguardprimarydns.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3527, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for carrotegg.club"; dns.query; content:"carrotegg.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3528, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dtness.com"; dns.query; content:"adguard.dtness.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3529, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gogonads.com"; dns.query; content:"gogonads.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3530, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server1.greendns.green1052.com"; dns.query; content:"server1.greendns.green1052.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3531, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leecurrylawfirm.com"; dns.query; content:"leecurrylawfirm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3532, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n5.lsasss.com"; dns.query; content:"n5.lsasss.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3533, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohsg.tonedtanya.com"; dns.query; content:"dohsg.tonedtanya.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3534, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for redpanda.cyou"; dns.query; content:"redpanda.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27991701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3535, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rabmoor.cz"; dns.query; content:"adguard.rabmoor.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3536, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.alexanderkersten.de"; dns.query; content:"adguard.alexanderkersten.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3537, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.quartoz.de"; dns.query; content:"adguard.quartoz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3538, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.faze.dev"; dns.query; content:"dns.faze.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3539, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.titov.es"; dns.query; content:"adguard.titov.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3540, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ship.ga"; dns.query; content:"dns.ship.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3541, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.gq"; dns.query; content:"ychen.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27991708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3542, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.chlaebi.info"; dns.query; content:"www.chlaebi.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3543, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.farakaft.ir"; dns.query; content:"dns.farakaft.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3544, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.betelgeuse.link"; dns.query; content:"dns.betelgeuse.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3545, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chlaebi.synology.me"; dns.query; content:"chlaebi.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3546, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgaurd.lingmont.net"; dns.query; content:"adgaurd.lingmont.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3547, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-cov-w-1.nashkan.net"; dns.query; content:"gb-cov-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3548, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-2.nashkan.net"; dns.query; content:"pl-waw-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3549, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-atl-w-2.nashkan.net"; dns.query; content:"us-atl-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3550, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.guard.ru.net"; dns.query; content:"ad.guard.ru.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3551, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for derekcastle.duckdns.org"; dns.query; content:"derekcastle.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3552, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stuxen.duckdns.org"; dns.query; content:"stuxen.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3553, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.pigs.eu.org"; dns.query; content:"kr.pigs.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3554, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.noehring.org"; dns.query; content:"dns.noehring.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3555, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mitar.ovh"; dns.query; content:"adguard.mitar.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3556, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adampowell.pro"; dns.query; content:"adampowell.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3557, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tiger.dns.qwer.pw"; dns.query; content:"tiger.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3558, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.kano.sh"; dns.query; content:"jp.kano.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3559, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for scrole.shop"; dns.query; content:"scrole.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27991726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3560, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ytpom.tk"; dns.query; content:"ytpom.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3561, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.opi.pp.ua"; dns.query; content:"ns2.opi.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3562, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home3.brosena.xyz"; dns.query; content:"home3.brosena.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3563, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.dsns.cloud"; dns.query; content:"adguard2.dsns.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3564, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apne1.dns.terumi.club"; dns.query; content:"apne1.dns.terumi.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3565, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for multipurpose1.terumi.club"; dns.query; content:"multipurpose1.terumi.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3566, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.beliefanx.cn"; dns.query; content:"adguard.beliefanx.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3567, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sagutxustech.com"; dns.query; content:"sagutxustech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3568, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.kuhlmannt.de"; dns.query; content:"home.kuhlmannt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3569, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wallura.eu"; dns.query; content:"adguard.wallura.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3570, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for justlife.fun"; dns.query; content:"justlife.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3571, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alloxr.info"; dns.query; content:"dns.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3572, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.alloxr.info"; dns.query; content:"vps.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3573, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n.3363.net"; dns.query; content:"n.3363.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3574, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vanced.ddns.net"; dns.query; content:"vanced.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3575, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.misland.net"; dns.query; content:"dns.misland.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3576, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.snow-sugar.net"; dns.query; content:"home.snow-sugar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3577, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ge.libaced.one"; dns.query; content:"ge.libaced.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3578, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nocnik.org"; dns.query; content:"adguard.nocnik.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3579, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for federicoferri.ovh"; dns.query; content:"federicoferri.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3580, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for link.altapo.ru"; dns.query; content:"link.altapo.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3581, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pozitiff4ik.ru"; dns.query; content:"pozitiff4ik.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3582, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpnonelove.ru"; dns.query; content:"vpnonelove.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3583, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serv1.magnon-box.tk"; dns.query; content:"serv1.magnon-box.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3584, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.serv1.magnon-box.tk"; dns.query; content:"dns.serv1.magnon-box.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3585, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dhold.2025up.xyz"; dns.query; content:"dhold.2025up.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3586, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lyhlyh.xyz"; dns.query; content:"dns.lyhlyh.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3587, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns8.org"; dns.query; content:"dns8.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3663, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n0.eu"; dns.query; content:"n0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3746, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.com"; dns.query; content:"ns3.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3754, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.cx"; dns.query; content:"ns3.cx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3755, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.link"; dns.query; content:"ns3.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3756, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2.dionysus.beauty"; dns.query; content:"v2.dionysus.beauty"; nocase; fast_pattern; classtype:bad-unknown; sid:27991759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3796, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 53.slepov.dev"; dns.query; content:"53.slepov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3797, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d96.info"; dns.query; content:"dns.d96.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3798, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.d96.info"; dns.query; content:"www.dns.d96.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3799, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for porttwo.bigbangtheory.monster"; dns.query; content:"porttwo.bigbangtheory.monster"; nocase; fast_pattern; classtype:bad-unknown; sid:27991763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3800, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.depieri.net"; dns.query; content:"adguard.depieri.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3801, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-3.nashkan.net"; dns.query; content:"au-syd-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3802, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privilab.net"; dns.query; content:"dns.privilab.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3803, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns1.m-it.ro"; dns.query; content:"addns1.m-it.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3804, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aalqudah.site"; dns.query; content:"aalqudah.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3805, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cearhome.top"; dns.query; content:"dns.cearhome.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3806, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lujiacai.top"; dns.query; content:"doh.lujiacai.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3807, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.telex.app"; dns.query; content:"sg.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3808, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tapawan.ca"; dns.query; content:"dns.tapawan.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3809, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thanh933.cf"; dns.query; content:"thanh933.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3810, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for khsan.com"; dns.query; content:"khsan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3811, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.khsan.com"; dns.query; content:"www.khsan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3812, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.netrope.com"; dns.query; content:"dns.netrope.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3813, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.phclinz.de"; dns.query; content:"dns.phclinz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3814, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.knytl.eu"; dns.query; content:"dns.knytl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3815, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wkwkwk.fun"; dns.query; content:"dns.wkwkwk.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3816, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.delage.li"; dns.query; content:"nas.delage.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27991780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3817, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.boje8.me"; dns.query; content:"doh.boje8.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3818, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vvmm.me"; dns.query; content:"vvmm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3819, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for per.adfilter.net"; dns.query; content:"per.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3820, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dpserver87.ddns.net"; dns.query; content:"dpserver87.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3821, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surenic.net"; dns.query; content:"dns.surenic.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3822, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deus-server.duckdns.org"; dns.query; content:"deus-server.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3823, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hooliganska.duckdns.org"; dns.query; content:"hooliganska.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3824, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for krtekvpn.duckdns.org"; dns.query; content:"krtekvpn.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3825, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adblocker.eu.org"; dns.query; content:"dns.adblocker.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3826, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cyberspace.pw"; dns.query; content:"dns.cyberspace.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3827, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mirandil.ru"; dns.query; content:"dns.mirandil.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3828, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tg.pp.ru"; dns.query; content:"tg.pp.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3829, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thefuturegg.xyz"; dns.query; content:"thefuturegg.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3830, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ggdns.club"; dns.query; content:"ggdns.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3831, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.0ooo.icu"; dns.query; content:"dns.0ooo.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3832, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for add.nods.in"; dns.query; content:"add.nods.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3833, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.sigma.monster"; dns.query; content:"adh.sigma.monster"; nocase; fast_pattern; classtype:bad-unknown; sid:27991797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3834, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dyhw.ddns.net"; dns.query; content:"dyhw.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3835, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tungtsbn2000.viewdns.net"; dns.query; content:"tungtsbn2000.viewdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3836, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wakgood.net"; dns.query; content:"dns.wakgood.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3837, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kolobok2.duckdns.orga"; dns.query; content:"kolobok2.duckdns.orga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3838, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for two.clanless.ovh"; dns.query; content:"two.clanless.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3839, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jellyhost.ovh"; dns.query; content:"adguard.jellyhost.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3840, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for steff.sbs"; dns.query; content:"steff.sbs"; nocase; fast_pattern; classtype:bad-unknown; sid:27991804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3841, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for retrospecto.tk"; dns.query; content:"retrospecto.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3842, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.yzh97rc.xyz"; dns.query; content:"www.yzh97rc.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3843, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.a-desg.cc"; dns.query; content:"dns1.a-desg.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3844, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cachitopetshop.com"; dns.query; content:"dns.cachitopetshop.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3845, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.niko-sem.com"; dns.query; content:"adguard.niko-sem.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3846, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thecremeens.com"; dns.query; content:"thecremeens.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3847, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server3.boldteam.ir"; dns.query; content:"server3.boldteam.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3848, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pass12335.myds.me"; dns.query; content:"pass12335.myds.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3849, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsblock.solvarea.nl"; dns.query; content:"dnsblock.solvarea.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3850, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mailer.amlegion.org"; dns.query; content:"mailer.amlegion.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3851, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dop.privatedns.org"; dns.query; content:"dop.privatedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3852, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p.dns.sh-box.ru"; dns.query; content:"p.dns.sh-box.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3853, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.cbio.top"; dns.query; content:"dns2.cbio.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3854, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.jnorton.us"; dns.query; content:"adg.jnorton.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3855, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ermisguard.westeurope.cloudapp.azure.com"; dns.query; content:"ermisguard.westeurope.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3856, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.baabab.com"; dns.query; content:"dns.baabab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3857, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle.cepheus0.com"; dns.query; content:"oracle.cepheus0.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3858, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kngnet.de"; dns.query; content:"adguard.kngnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3859, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tabris-nas.synology.me"; dns.query; content:"tabris-nas.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3860, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh003.280blocker.net"; dns.query; content:"doh003.280blocker.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3861, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kawpad.tk"; dns.query; content:"dns.kawpad.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3862, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gnetworks.xyz"; dns.query; content:"dns.gnetworks.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3863, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns4me.net"; dns.query; content:"dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3872, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chenu.ch"; dns.query; content:"dns.chenu.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4192, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.audet.cloud"; dns.query; content:"dns.audet.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4193, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ps1.modr.club"; dns.query; content:"ps1.modr.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4194, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bahien.com"; dns.query; content:"dns.bahien.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4195, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dashofsunny.com"; dns.query; content:"adguard.dashofsunny.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4196, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nongdanthanky.com"; dns.query; content:"nongdanthanky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4197, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome-vps.couli.fr"; dns.query; content:"adguardhome-vps.couli.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4198, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.opopop.fun"; dns.query; content:"dns.opopop.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4199, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addguard.greenet.id"; dns.query; content:"addguard.greenet.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4200, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.richardapplegate.io"; dns.query; content:"adguard.richardapplegate.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4201, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for magicalvps.ml"; dns.query; content:"magicalvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4202, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cz-ces-w-1.nashkan.net"; dns.query; content:"cz-ces-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4203, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qbak.net"; dns.query; content:"dns.qbak.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4204, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.qbak.net"; dns.query; content:"home.qbak.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4205, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unixfox.duckdns.org"; dns.query; content:"unixfox.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4206, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.pakharenko.ru"; dns.query; content:"vpn.pakharenko.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4207, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.norvrandt.co.uk"; dns.query; content:"home.norvrandt.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4208, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tcorexxx.uk"; dns.query; content:"tcorexxx.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4209, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blockemall.xyz"; dns.query; content:"blockemall.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4210, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.eyecay.xyz"; dns.query; content:"kids.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4211, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwh2.telex.app"; dns.query; content:"bwh2.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4218, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglaster.com"; dns.query; content:"douglaster.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4219, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk22.hujiajun.com"; dns.query; content:"hk22.hujiajun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4220, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mipauns.com"; dns.query; content:"dns.mipauns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4221, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surfbelow.com"; dns.query; content:"surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4222, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglaster.coma"; dns.query; content:"douglaster.coma"; nocase; fast_pattern; classtype:bad-unknown; sid:27991853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4223, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.bitteeinbyte.de"; dns.query; content:"adguard.bitteeinbyte.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4224, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xyz2.jammerxd.dev"; dns.query; content:"xyz2.jammerxd.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4225, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3.11i.eu"; dns.query; content:"3.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4226, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsserver.mailchan.eu"; dns.query; content:"dnsserver.mailchan.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4227, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for axaxa.fun"; dns.query; content:"axaxa.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4228, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cirruscloud.it"; dns.query; content:"cirruscloud.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4229, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neptune.alpo.me"; dns.query; content:"neptune.alpo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4230, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for puerta.ml"; dns.query; content:"puerta.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4231, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-2.nashkan.net"; dns.query; content:"au-syd-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4232, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-1.nashkan.net"; dns.query; content:"gb-lon-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4233, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-4.nashkan.net"; dns.query; content:"gb-lon-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4234, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lt-vil-w-3.nashkan.net"; dns.query; content:"lt-vil-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4235, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-1.nashkan.net"; dns.query; content:"pl-waw-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4236, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pt-lis-w-1.nashkan.net"; dns.query; content:"pt-lis-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4237, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-1.nashkan.net"; dns.query; content:"sg-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4238, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-atl-w-1.nashkan.net"; dns.query; content:"us-atl-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4239, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-1.nashkan.net"; dns.query; content:"us-chi-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4240, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-la-w-4.nashkan.net"; dns.query; content:"us-la-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4241, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.spaceindex.net"; dns.query; content:"adguard.spaceindex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4242, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mcptero.teunschrader.nl"; dns.query; content:"mcptero.teunschrader.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4243, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private-dns.provisionweb.org"; dns.query; content:"private-dns.provisionweb.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4244, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.seikson.ovh"; dns.query; content:"dns.seikson.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4245, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itdept.pro"; dns.query; content:"dns.itdept.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4246, updated_at 2023_11_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dronix27.ru"; dns.query; content:"dronix27.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4247, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muc-ns01.ibytex.systems"; dns.query; content:"muc-ns01.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27991878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4248, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.muc-ns01.ibytex.systems"; dns.query; content:"www.muc-ns01.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27991879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4249, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yvanliang.tech"; dns.query; content:"yvanliang.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4250, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.art-nas.pp.ua"; dns.query; content:"dns2.art-nas.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4251, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dnsadguard.co.uk"; dns.query; content:"www.dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4252, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securedns.vendorvista.xyz"; dns.query; content:"securedns.vendorvista.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4253, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kudns.kescher.at"; dns.query; content:"kudns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4255, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thiagoalmeida.ca"; dns.query; content:"dns.thiagoalmeida.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4256, updated_at 2023_01_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaytorr.com"; dns.query; content:"dns.aaytorr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4260, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.adguard-dns.com"; dns.query; content:"d.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4261, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for awsdns.vpnrf.com"; dns.query; content:"awsdns.vpnrf.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4278, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.gslb2.xfinity.com"; dns.query; content:"doh2.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4279, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for knight1.de"; dns.query; content:"knight1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4281, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.11i.eu"; dns.query; content:"1.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4286, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for totoland.eu"; dns.query; content:"totoland.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4288, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsg.psyk.fr"; dns.query; content:"dnsg.psyk.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4289, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safe.kswro.web.id"; dns.query; content:"safe.kswro.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4290, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for acomit.lk"; dns.query; content:"acomit.lk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4295, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.acomit.lk"; dns.query; content:"www.acomit.lk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4296, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crd.circl.lu"; dns.query; content:"crd.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4297, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lon-dns.bitdefender.net"; dns.query; content:"lon-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4300, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for peter-adguard.ddns.net"; dns.query; content:"peter-adguard.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4301, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br-sao-w-1.nashkan.net"; dns.query; content:"br-sao-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4302, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for es-mad-w-2.nashkan.net"; dns.query; content:"es-mad-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4303, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv-rig-w-1.nashkan.net"; dns.query; content:"lv-rig-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4304, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams-w-3.nashkan.net"; dns.query; content:"nl-ams-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4305, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ro-buc-w-1.nashkan.net"; dns.query; content:"ro-buc-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4306, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drahonn.pro"; dns.query; content:"drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4317, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freezy121.ru"; dns.query; content:"freezy121.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4319, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyz.doh.sb"; dns.query; content:"ca-yyz.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4322, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.doh.sb"; dns.query; content:"eu.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4323, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.doh.sb"; dns.query; content:"europe.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4324, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsadguard.co.uk"; dns.query; content:"dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4325, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.burtnet.xyz"; dns.query; content:"dns1.burtnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4326, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.irumatech.com"; dns.query; content:"dns1.irumatech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4329, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2.xm706v.com"; dns.query; content:"v2.xm706v.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4330, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.norvig.dk"; dns.query; content:"dns.norvig.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4331, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mrcapslock.ir"; dns.query; content:"mrcapslock.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4332, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rennes.despagne.net"; dns.query; content:"adguard.rennes.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4333, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for armorrush.eu.org"; dns.query; content:"armorrush.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4334, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agafon.space"; dns.query; content:"agafon.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4335, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.agafon.space"; dns.query; content:"www.agafon.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4336, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.server-way.tk"; dns.query; content:"mydns.server-way.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4337, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.r00l.pp.ua"; dns.query; content:"dns.r00l.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4338, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dramangodns.cf"; dns.query; content:"dramangodns.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4339, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.romantrojer.ch"; dns.query; content:"adguard.romantrojer.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4340, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.freequensi.com"; dns.query; content:"dns.freequensi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4341, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.silentlybren.com"; dns.query; content:"dns.silentlybren.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4342, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lion.yazilimatolye.com"; dns.query; content:"lion.yazilimatolye.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4343, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.almir1904.eu"; dns.query; content:"dns01.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4344, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.almir1904.eu"; dns.query; content:"doh.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4345, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mocha.r.rnet.ie"; dns.query; content:"mocha.r.rnet.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27991929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4346, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg2.spacework.com.mx"; dns.query; content:"adg2.spacework.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4347, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd.adfilter.net"; dns.query; content:"syd.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4348, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi.daryllswer.net"; dns.query; content:"pi.daryllswer.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4349, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gn6hoasz2o4tveit.dynv6.net"; dns.query; content:"gn6hoasz2o4tveit.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4350, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jeffreyblank.net"; dns.query; content:"jeffreyblank.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4351, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green2.jnraptor.net"; dns.query; content:"green2.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4352, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.infrapod.nl"; dns.query; content:"adguard.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4353, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crazyfamily.online"; dns.query; content:"crazyfamily.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4354, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for halfon.online"; dns.query; content:"halfon.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4355, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vadim.online"; dns.query; content:"vadim.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4356, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for os.vadim.online"; dns.query; content:"os.vadim.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4357, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for datthinh1801-gcp.duckdns.org"; dns.query; content:"datthinh1801-gcp.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4358, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gunag.duckdns.org"; dns.query; content:"gunag.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4359, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.searom.ovh"; dns.query; content:"adguard.searom.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4360, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dycn.vip"; dns.query; content:"dycn.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27991944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4361, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dycn.vip"; dns.query; content:"www.dycn.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27991945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4362, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ikarosalpha.xyz"; dns.query; content:"ikarosalpha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4363, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gateway.fomichev.cloud"; dns.query; content:"gateway.fomichev.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4365, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.h0schi.cloud"; dns.query; content:"dns2.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4366, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd2.loukky.com"; dns.query; content:"ddd2.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4367, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.wistarip.com"; dns.query; content:"dns3.wistarip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4368, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cossxiu.ga"; dns.query; content:"cossxiu.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4369, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.druta.me"; dns.query; content:"dns.druta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4370, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvps.familiamv.ml"; dns.query; content:"dnsvps.familiamv.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4371, updated_at 2023_07_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andresmanuel.duckdns.org"; dns.query; content:"andresmanuel.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4372, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ttag.dns.nomu.pw"; dns.query; content:"ttag.dns.nomu.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4373, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.amigo-mgn.ru"; dns.query; content:"dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4374, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.dns.amigo-mgn.ru"; dns.query; content:"alisa.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4375, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.dns.amigo-mgn.ru"; dns.query; content:"igor.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4376, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kerio.dns.amigo-mgn.ru"; dns.query; content:"kerio.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4377, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.dns.amigo-mgn.ru"; dns.query; content:"kotys.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4378, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.dns.amigo-mgn.ru"; dns.query; content:"olga.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4379, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vlad.dns.amigo-mgn.ru"; dns.query; content:"vlad.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4380, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.dns.amigo-mgn.ru"; dns.query; content:"vovale.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4381, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wifi.dns.amigo-mgn.ru"; dns.query; content:"wifi.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4382, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sip.amigo-mgn.ru"; dns.query; content:"sip.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4383, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-119.cattery.work"; dns.query; content:"sg-119.cattery.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4384, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olcaylar.mooo.com"; dns.query; content:"olcaylar.mooo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4385, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.twtrs.com"; dns.query; content:"dns.twtrs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4386, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1qaz.de"; dns.query; content:"1qaz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4387, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.firestrike-services.de"; dns.query; content:"adguard.firestrike-services.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4388, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.struchkov.dev"; dns.query; content:"dns.struchkov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4389, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ubd.ac.id"; dns.query; content:"doh.ubd.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4390, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d3.supremum.io"; dns.query; content:"d3.supremum.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4391, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neochronicles.live"; dns.query; content:"neochronicles.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27991974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4392, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.jsanagustin.net"; dns.query; content:"adguard1.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4393, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.njy.jsanagustin.net"; dns.query; content:"adguard1.njy.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4394, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad1.heronet.nl"; dns.query; content:"ad1.heronet.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4395, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for interestingly.eu.org"; dns.query; content:"interestingly.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4396, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.interestingly.eu.org"; dns.query; content:"www.interestingly.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4397, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.myddns.org"; dns.query; content:"adguard.myddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4398, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.sntrk.ru"; dns.query; content:"guard.sntrk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4399, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssilo.top"; dns.query; content:"dnssilo.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4400, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yuan.idv.tw"; dns.query; content:"yuan.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4401, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edgeworkssystems.ca"; dns.query; content:"dns.edgeworkssystems.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4402, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.qenisis.com"; dns.query; content:"adg.qenisis.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4403, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mainframe.dewed.de"; dns.query; content:"mainframe.dewed.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4404, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.frece.de"; dns.query; content:"adguard.frece.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4405, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ard.net.sys.of.icu"; dns.query; content:"ard.net.sys.of.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4406, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bilidon.dnsuser.info"; dns.query; content:"bilidon.dnsuser.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4407, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aman.ltd"; dns.query; content:"dns.aman.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4408, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-tyo-w-1.nashkan.net"; dns.query; content:"jp-tyo-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4409, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh-target-noads-se.alekberg.net"; dns.query; content:"odoh-target-noads-se.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4413, updated_at 2023_01_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh-target.alekberg.net"; dns.query; content:"odoh-target.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4414, updated_at 2023_01_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for debian-01.eastasia.cloudapp.azure.com"; dns.query; content:"debian-01.eastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4418, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warexify.com"; dns.query; content:"dns.warexify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4419, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglas.mebrak.fr"; dns.query; content:"douglas.mebrak.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4420, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for services.akierry.io"; dns.query; content:"services.akierry.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4421, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.takkunn.pgw.jp"; dns.query; content:"adguardhome.takkunn.pgw.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27991998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4422, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for notecore.me"; dns.query; content:"notecore.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4423, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.soncms.me"; dns.query; content:"dns.soncms.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4424, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.sinafreenet.ml"; dns.query; content:"a.sinafreenet.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4425, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for echoe1yidzu4ioo5.myfritz.net"; dns.query; content:"echoe1yidzu4ioo5.myfritz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4426, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-3.nashkan.net"; dns.query; content:"de-fsn-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4427, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-w-4.nashkan.net"; dns.query; content:"hk-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4428, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguarddns.otroid.net"; dns.query; content:"adguarddns.otroid.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4429, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.4ab.nl"; dns.query; content:"dns.4ab.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4430, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.52306.org"; dns.query; content:"dns.52306.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4431, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.liumuze.org"; dns.query; content:"dns.liumuze.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4432, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rafal.top"; dns.query; content:"dns.rafal.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4433, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-api.icloud.com"; dns.query; content:"mask-api.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4435, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unifi.carioka.com"; dns.query; content:"unifi.carioka.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4438, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guardians.jenspoelitz.de"; dns.query; content:"guardians.jenspoelitz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4439, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.asdw.fun"; dns.query; content:"dns.asdw.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4440, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for devsimo.it"; dns.query; content:"devsimo.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4441, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gztech.me"; dns.query; content:"gztech.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4442, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jiagm.me"; dns.query; content:"dns.jiagm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4443, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-sea-w-6.nashkan.net"; dns.query; content:"us-sea-w-6.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4444, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for carioka.dyndns.org"; dns.query; content:"carioka.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4445, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lululu.eu.org"; dns.query; content:"doh.lululu.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4446, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ipharaon.ru"; dns.query; content:"ipharaon.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4447, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.marsnet.xyz"; dns.query; content:"dns.marsnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4448, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.datamatter.co.za"; dns.query; content:"pihole.datamatter.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27992022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4449, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stud.cloud"; dns.query; content:"dns.stud.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4450, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.stud.cloud"; dns.query; content:"www.dns.stud.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4451, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keymiagar.ir"; dns.query; content:"keymiagar.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4452, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-sea-w-5.nashkan.net"; dns.query; content:"us-sea-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4453, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for greppie.nl"; dns.query; content:"greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4454, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for laptop001.greppie.nl"; dns.query; content:"laptop001.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4455, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maikel.greppie.nl"; dns.query; content:"maikel.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4456, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.greppie.nl"; dns.query; content:"www.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4457, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cqd.duckdns.org"; dns.query; content:"cqd.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4458, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas1403.duckdns.org"; dns.query; content:"nas1403.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4459, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bin.st"; dns.query; content:"dns.bin.st"; nocase; fast_pattern; classtype:bad-unknown; sid:27992033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4460, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.040910.top"; dns.query; content:"www.040910.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4461, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xm.ln7371.top"; dns.query; content:"xm.ln7371.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4462, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpservice.cf"; dns.query; content:"vpservice.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4463, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anixlab.com"; dns.query; content:"anixlab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4464, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.techromantica.com"; dns.query; content:"adguard.techromantica.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4465, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d-n-s.fun"; dns.query; content:"d-n-s.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4466, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for batshitcrazy.ddns.net"; dns.query; content:"batshitcrazy.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4467, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gustamadh.dynv6.net"; dns.query; content:"gustamadh.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4468, updated_at 2023_06_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securenet.mhsystems.net"; dns.query; content:"securenet.mhsystems.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4469, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aattwwss.duckdns.org"; dns.query; content:"aattwwss.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4470, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for area51.mywire.org"; dns.query; content:"area51.mywire.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4471, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sekular.pl"; dns.query; content:"adguard.sekular.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4472, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lspcr.space"; dns.query; content:"adguard.lspcr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4473, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd-docker.lspcr.space"; dns.query; content:"syd-docker.lspcr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4474, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnshk.eve.surf"; dns.query; content:"dnshk.eve.surf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4475, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an.loliconapp.top"; dns.query; content:"an.loliconapp.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4476, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wns.watch"; dns.query; content:"dns.wns.watch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4477, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atomicvps.xyz"; dns.query; content:"atomicvps.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4478, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.atomicvps.xyz"; dns.query; content:"www.atomicvps.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4479, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.dns-ga.de"; dns.query; content:"dns2.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4480, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.dns-ga.de"; dns.query; content:"dns3.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4481, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nebula.sly.io"; dns.query; content:"nebula.sly.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4482, updated_at 2023_02_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cgmzdd.com"; dns.query; content:"cgmzdd.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4484, updated_at 2023_02_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ghexu.com"; dns.query; content:"dns.ghexu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4485, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hubertdns.com"; dns.query; content:"hubertdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4486, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uni.shy.as.towhy.com"; dns.query; content:"uni.shy.as.towhy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4487, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudlinz.de"; dns.query; content:"dns.cloudlinz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4488, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pvsv.io"; dns.query; content:"pvsv.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4489, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cz-pra-w-1.nashkan.net"; dns.query; content:"cz-pra-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4490, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for punono.duckdns.org"; dns.query; content:"punono.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4491, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thebuckners.org"; dns.query; content:"dns.thebuckners.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4492, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lion.dns.qwer.pw"; dns.query; content:"lion.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4493, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vmok.ru"; dns.query; content:"vmok.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4494, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.aghaaliagha.tk"; dns.query; content:"ad.aghaaliagha.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4495, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp1.f7b6h9.tk"; dns.query; content:"jp1.f7b6h9.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4496, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tiger2.tk"; dns.query; content:"tiger2.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4497, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.avastdns.com"; dns.query; content:"secure.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4498, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lindung.pp.ua"; dns.query; content:"lindung.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4499, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rotunneling.net"; dns.query; content:"dns.rotunneling.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4500, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securedns.buzz"; dns.query; content:"securedns.buzz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4501, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for emozee.cf"; dns.query; content:"emozee.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4502, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jaydub.cloud"; dns.query; content:"adguard.jaydub.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4503, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.grantbruneau.com"; dns.query; content:"adguard.grantbruneau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4505, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for strata.gurupannu.com"; dns.query; content:"strata.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4506, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.strata.gurupannu.com"; dns.query; content:"dns.strata.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4507, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homerouter-dns.strata.gurupannu.com"; dns.query; content:"homerouter-dns.strata.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4508, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.strata.gurupannu.com"; dns.query; content:"vpn.strata.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4509, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n11649246144.netvigator.com"; dns.query; content:"n11649246144.netvigator.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4510, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nullrecon.com"; dns.query; content:"dns.nullrecon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4511, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dev.reallemc.com"; dns.query; content:"dev.reallemc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4512, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kenzohost.de"; dns.query; content:"adguard.kenzohost.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4515, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beacon.dog"; dns.query; content:"beacon.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27992085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4516, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb-home.xaoimoon.fr"; dns.query; content:"adb-home.xaoimoon.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4517, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for groupy.ga"; dns.query; content:"groupy.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27992087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4518, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jkdns.me"; dns.query; content:"jkdns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4520, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apollo.collectivemedia.network"; dns.query; content:"apollo.collectivemedia.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4522, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dog.dns.qwer.pw"; dns.query; content:"dog.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4523, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.magic-pics.tk"; dns.query; content:"guard.magic-pics.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4524, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gbrossi.com.br"; dns.query; content:"adguard.gbrossi.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27992092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4527, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ekipapi.com"; dns.query; content:"dns.ekipapi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4528, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pix.piriot.de"; dns.query; content:"pix.piriot.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4529, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edison42.dev"; dns.query; content:"dns.edison42.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4530, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hgns.harriganhome.ga"; dns.query; content:"hgns.harriganhome.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27992096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4531, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tanmoyvpn.ddns.net"; dns.query; content:"tanmoyvpn.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4532, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akhilkalwakurthy.dyndns.org"; dns.query; content:"akhilkalwakurthy.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4533, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sv3.minhduc.pw"; dns.query; content:"sv3.minhduc.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4534, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homelabjaw.tk"; dns.query; content:"homelabjaw.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4535, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kintyre.uk"; dns.query; content:"kintyre.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4536, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kintyre.uk"; dns.query; content:"www.kintyre.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4537, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gaoadmin.win"; dns.query; content:"gaoadmin.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4538, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpok.996333.xyz"; dns.query; content:"jpok.996333.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4539, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra1.eyecay.xyz"; dns.query; content:"fra1.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4540, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mjthemelancholy.xyz"; dns.query; content:"adguard.mjthemelancholy.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4541, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.ssrahul96.xyz"; dns.query; content:"ag.ssrahul96.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4542, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.onedns.net"; dns.query; content:"doh.onedns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4543, updated_at 2023_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lapanovi.ch"; dns.query; content:"lapanovi.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4544, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for funwithtape.com"; dns.query; content:"funwithtape.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4545, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 6692.giize.com"; dns.query; content:"6692.giize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4546, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n-wan.dynv6.net"; dns.query; content:"n-wan.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4547, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.samuelthomasfamily.net"; dns.query; content:"adguard.samuelthomasfamily.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4548, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for k0rtus-gg.ru"; dns.query; content:"k0rtus-gg.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4549, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.korks.tk"; dns.query; content:"adguard.korks.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4550, updated_at 2023_04_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guoyingwei.top"; dns.query; content:"guoyingwei.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4551, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.guoyingwei.top"; dns.query; content:"www.guoyingwei.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4552, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hewittnet.us"; dns.query; content:"hewittnet.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4553, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darktraffic.cloud"; dns.query; content:"darktraffic.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4554, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.darktraffic.cloud"; dns.query; content:"dns.darktraffic.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4555, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mzrme.cn"; dns.query; content:"dns.mzrme.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4556, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.me7878.com"; dns.query; content:"dns.me7878.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4557, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.porteii.com"; dns.query; content:"dns.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4558, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uuming.com"; dns.query; content:"dns.uuming.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4559, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dr-adguard.de"; dns.query; content:"dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4560, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.dr-adguard.de"; dns.query; content:"server01.dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4561, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server02.dr-adguard.de"; dns.query; content:"server02.dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4562, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server03.dr-adguard.de"; dns.query; content:"server03.dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4563, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.v1l.de"; dns.query; content:"adguard.v1l.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4564, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a11.diplo.es"; dns.query; content:"a11.diplo.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4565, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for note11.diplo.es"; dns.query; content:"note11.diplo.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4566, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.steinr.eu"; dns.query; content:"dns.steinr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4567, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dgea.fr"; dns.query; content:"dns.dgea.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4568, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blockerads.multimediaconcept.fr"; dns.query; content:"blockerads.multimediaconcept.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4569, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tuic.salome.my.id"; dns.query; content:"tuic.salome.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4570, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hyperspace.toxopeus.it"; dns.query; content:"hyperspace.toxopeus.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4571, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.rynet.link"; dns.query; content:"vpn.rynet.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4572, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud10.ownvps.ml"; dns.query; content:"cloud10.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4573, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for travis90x.ddns.net"; dns.query; content:"travis90x.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4574, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ocedric.net"; dns.query; content:"dns.ocedric.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4575, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ssh-storage.ru"; dns.query; content:"ssh-storage.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4576, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ssh-storage.ru"; dns.query; content:"dot.ssh-storage.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4577, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns0.tardishost.ru"; dns.query; content:"dns0.tardishost.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4578, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tah.space"; dns.query; content:"dns.tah.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4579, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.jmdesign.uk"; dns.query; content:"adg.jmdesign.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4580, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp2.101818.xyz"; dns.query; content:"jp2.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4581, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for q3i6k7j3.stackpathcdn.com"; dns.query; content:"q3i6k7j3.stackpathcdn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4911, updated_at 2023_02_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yzh.asia"; dns.query; content:"dns.yzh.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27992148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5005, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for feifei200x12.cf"; dns.query; content:"feifei200x12.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5006, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for office.heimtec.com"; dns.query; content:"office.heimtec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5007, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lat-team.com"; dns.query; content:"dns.lat-team.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5008, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.safeith.com"; dns.query; content:"dns.safeith.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5009, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdnscarme.com"; dns.query; content:"sdnscarme.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5010, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.janl.eu"; dns.query; content:"dns.janl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5012, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dr3d.my.id"; dns.query; content:"dr3d.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5013, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.connexum.mx"; dns.query; content:"adguard.connexum.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27992156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5014, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shutgaming.net"; dns.query; content:"adguard.shutgaming.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5017, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.wntrmute.net"; dns.query; content:"ag.wntrmute.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5018, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oursecure.network"; dns.query; content:"dns.oursecure.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5019, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.forst.one"; dns.query; content:"adguard1.forst.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5020, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mykewl.pro"; dns.query; content:"mykewl.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5021, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.jmarkin.ru"; dns.query; content:"vps.jmarkin.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5022, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vk09.ru"; dns.query; content:"dns.vk09.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5023, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.swehosting.se"; dns.query; content:"dns.swehosting.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27992164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5024, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bevrydns.stream"; dns.query; content:"bevrydns.stream"; nocase; fast_pattern; classtype:bad-unknown; sid:27992165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5025, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bezainf.tk"; dns.query; content:"dns.bezainf.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5026, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.bezainf.tk"; dns.query; content:"vpn.bezainf.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5027, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for joy096speed.pp.ua"; dns.query; content:"joy096speed.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5028, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pooblet.co.za"; dns.query; content:"pooblet.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27992169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5029, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnss.tlers.cf"; dns.query; content:"dnss.tlers.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5030, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-guard2.cryptroute.com"; dns.query; content:"dns-guard2.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5031, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for storydoh.kinergetica.com"; dns.query; content:"storydoh.kinergetica.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5032, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shoupperuser.com"; dns.query; content:"adguard.shoupperuser.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5033, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsoci.uplenk.com"; dns.query; content:"dnsoci.uplenk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5034, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.slvrsrvr.de"; dns.query; content:"dns1.slvrsrvr.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5035, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.klcd.eu"; dns.query; content:"dns2.klcd.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5036, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-nue-w-2.nashkan.net"; dns.query; content:"de-nue-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5037, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rabanete.duckdns.org"; dns.query; content:"rabanete.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5038, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaiser.int.eu.org"; dns.query; content:"kaiser.int.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5039, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frog.dns.qwer.pw"; dns.query; content:"frog.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5040, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.msameh.tk"; dns.query; content:"dns.msameh.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5041, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dentora.ca"; dns.query; content:"dentora.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27992182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5042, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oradns.anbitech.com"; dns.query; content:"oradns.anbitech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5043, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drive.jjlizz.com"; dns.query; content:"drive.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5044, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.mtsoln.com"; dns.query; content:"ns.mtsoln.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5045, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.majaroboan.de"; dns.query; content:"dns.majaroboan.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5046, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.solutics.ec"; dns.query; content:"i.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5047, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.i.solutics.ec"; dns.query; content:"dns.i.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5048, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.i.solutics.ec"; dns.query; content:"home.i.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5049, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for plex.i.solutics.ec"; dns.query; content:"plex.i.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5050, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lax.core.access.zznet.fun"; dns.query; content:"lax.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5051, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d3.shabi.icu"; dns.query; content:"d3.shabi.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5052, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fahr.in"; dns.query; content:"dns.fahr.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5053, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lalafell.info"; dns.query; content:"dns.lalafell.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5054, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.insec.link"; dns.query; content:"dns.insec.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5055, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dsh.lol"; dns.query; content:"dns.dsh.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27992196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5056, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seanyan.ddns.net"; dns.query; content:"seanyan.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5057, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-w-1.nashkan.net"; dns.query; content:"hk-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5058, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mos-w-2.nashkan.net"; dns.query; content:"ru-mos-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5059, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-jac-w-1.nashkan.net"; dns.query; content:"us-jac-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5060, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for w2hq5e27.altigen.org"; dns.query; content:"w2hq5e27.altigen.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5061, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clubsv.duckdns.org"; dns.query; content:"clubsv.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5062, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filya.fb.i81.ru"; dns.query; content:"filya.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5063, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.fb.i81.ru"; dns.query; content:"lena.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5064, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasya.fb.i81.ru"; dns.query; content:"vasya.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5065, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.fb.i81.ru"; dns.query; content:"vovale.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5066, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win10virtual.fb.i81.ru"; dns.query; content:"win10virtual.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5067, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for markolll.ru"; dns.query; content:"markolll.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5068, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.markolll.ru"; dns.query; content:"www.markolll.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5069, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for todns.work"; dns.query; content:"todns.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27992210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5070, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rsnetwork.be"; dns.query; content:"dns.rsnetwork.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27992211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5072, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kintoun.alves.cc"; dns.query; content:"kintoun.alves.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27992212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5073, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.brandonsli.com"; dns.query; content:"adguard.brandonsli.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5074, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for essentiallyjay.com"; dns.query; content:"essentiallyjay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5075, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for storage.jjlizz.com"; dns.query; content:"storage.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5076, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nayemador.com"; dns.query; content:"nayemador.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5077, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mimir.netwerk.io"; dns.query; content:"mimir.netwerk.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5078, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.keipert.me"; dns.query; content:"dns2.keipert.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5079, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.one23.one"; dns.query; content:"doh.one23.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5080, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sac.rebl.eu.org"; dns.query; content:"dns.sac.rebl.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5081, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hr.i81.ru"; dns.query; content:"hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5082, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.i81.ru"; dns.query; content:"vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5083, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.vpn.i81.ru"; dns.query; content:"alisa.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5084, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.vpn.i81.ru"; dns.query; content:"amigo.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5085, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.vpn.i81.ru"; dns.query; content:"igor.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5086, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.vpn.i81.ru"; dns.query; content:"kotys.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5087, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.vpn.i81.ru"; dns.query; content:"luba.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5088, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.vpn.i81.ru"; dns.query; content:"olga.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5089, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.vpn.i81.ru"; dns.query; content:"vova.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5090, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kondrcloud.ru"; dns.query; content:"kondrcloud.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5091, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kondrcloud.ru"; dns.query; content:"www.kondrcloud.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5092, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vudy.ru"; dns.query; content:"vudy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5093, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skyline.vvvvvei.win"; dns.query; content:"skyline.vvvvvei.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5094, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.532641.xyz"; dns.query; content:"dns.532641.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5095, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for di2626.xyz"; dns.query; content:"di2626.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5096, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lalantha.xyz"; dns.query; content:"adguard.lalantha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5097, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle-lab01.crmd.co.za"; dns.query; content:"oracle-lab01.crmd.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27992237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5098, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.borlee.be"; dns.query; content:"dns.borlee.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27992238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5099, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.schlagheck.berlin"; dns.query; content:"dns.schlagheck.berlin"; nocase; fast_pattern; classtype:bad-unknown; sid:27992239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5100, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arrakis.korolyzer.com.br"; dns.query; content:"arrakis.korolyzer.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27992240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5101, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.muadib.club"; dns.query; content:"dns.muadib.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27992241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5102, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green.cyberbeta.cn"; dns.query; content:"green.cyberbeta.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5103, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.embraced.co"; dns.query; content:"nas.embraced.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5104, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gosuntrip.com"; dns.query; content:"gosuntrip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5105, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mcttechs.com"; dns.query; content:"mcttechs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5106, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.meidouling.com"; dns.query; content:"jp.meidouling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5107, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rnaybank.com"; dns.query; content:"rnaybank.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5108, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rnaybank.com"; dns.query; content:"dns.rnaybank.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5109, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spacexnetdomain.com"; dns.query; content:"spacexnetdomain.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5110, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odon.de"; dns.query; content:"odon.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5111, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.visbran.fr"; dns.query; content:"ad.visbran.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5112, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maye.ir"; dns.query; content:"maye.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5113, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ccrespawn.net"; dns.query; content:"dns.ccrespawn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5114, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-bhs-w-2.nashkan.net"; dns.query; content:"ca-bhs-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5115, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-3.nashkan.net"; dns.query; content:"us-chi-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5116, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darkboyjyoti.online"; dns.query; content:"darkboyjyoti.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5117, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azagramac.duckdns.org"; dns.query; content:"azagramac.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5118, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gwps.duckdns.org"; dns.query; content:"gwps.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5119, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdn.implementsfreedom.studio"; dns.query; content:"cdn.implementsfreedom.studio"; nocase; fast_pattern; classtype:bad-unknown; sid:27992259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5120, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lboxtv.top"; dns.query; content:"lboxtv.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5121, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.lboxtv.top"; dns.query; content:"www.lboxtv.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5122, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 01qnpxtzym02adjlrcub03.sergeykobzar.com.ua"; dns.query; content:"01qnpxtzym02adjlrcub03.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5123, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 04qnpxtzym05adjlrcub06.sergeykobzar.com.ua"; dns.query; content:"04qnpxtzym05adjlrcub06.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5124, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 07qnpxtzym08adjlrcub09.sergeykobzar.com.ua"; dns.query; content:"07qnpxtzym08adjlrcub09.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5125, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 10qnpxtzym11adjlrcub12.sergeykobzar.com.ua"; dns.query; content:"10qnpxtzym11adjlrcub12.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5126, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 13qnpxtzym14adjlrcub15.sergeykobzar.com.ua"; dns.query; content:"13qnpxtzym14adjlrcub15.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5127, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.4-the.win"; dns.query; content:"dns.4-the.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5128, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.240527.xyz"; dns.query; content:"dns.240527.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5129, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hackerwolf.xyz"; dns.query; content:"dns.hackerwolf.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5130, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wzybigman.xyz"; dns.query; content:"wzybigman.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5131, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.wzybigman.xyz"; dns.query; content:"www.wzybigman.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5132, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.telex.app"; dns.query; content:"kr.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27992272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5139, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.afastserver.com"; dns.query; content:"dns3.afastserver.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5140, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.junhengyun.com"; dns.query; content:"dns.junhengyun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5141, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nikolagjorgjijoski.com"; dns.query; content:"dns.nikolagjorgjijoski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5142, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rubengarrido.com"; dns.query; content:"adguard.rubengarrido.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5143, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudsrv.charitosnet.de"; dns.query; content:"cloudsrv.charitosnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5144, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for info-hub.de"; dns.query; content:"info-hub.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5145, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bulatov.dev"; dns.query; content:"dns.bulatov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5146, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.solutics.ec"; dns.query; content:"ns.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5147, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thechance.family"; dns.query; content:"dns.thechance.family"; nocase; fast_pattern; classtype:bad-unknown; sid:27992281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5148, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for valleverde.icu"; dns.query; content:"valleverde.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5149, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh3.server.my.id"; dns.query; content:"agh3.server.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5150, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for y3suyx0cg2lewi2dmn.advaitghaisas.in"; dns.query; content:"y3suyx0cg2lewi2dmn.advaitghaisas.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5151, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.technochat.in"; dns.query; content:"doh.technochat.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5152, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wargan.io"; dns.query; content:"dns.wargan.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5153, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dhlifeus-micro1.dns.3456.kr"; dns.query; content:"dhlifeus-micro1.dns.3456.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5154, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.ixghzx.ml"; dns.query; content:"agh.ixghzx.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5155, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andz21.dynv6.net"; dns.query; content:"andz21.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5156, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.jsanagustin.net"; dns.query; content:"adguard2.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5157, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.atl.jsanagustin.net"; dns.query; content:"adguard2.atl.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5158, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ch-zur-w-1.nashkan.net"; dns.query; content:"ch-zur-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5159, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-nyc-w-1.nashkan.net"; dns.query; content:"us-nyc-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5160, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.bit-trails.nl"; dns.query; content:"ns1.bit-trails.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5161, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for l2tp.vvps.one"; dns.query; content:"l2tp.vvps.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5162, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nwps.duckdns.org"; dns.query; content:"nwps.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5163, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zakariya.org"; dns.query; content:"dns.zakariya.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5164, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shaa.line.pm"; dns.query; content:"shaa.line.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27992298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5165, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for main.nn7.pw"; dns.query; content:"main.nn7.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5166, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.netmasc.services"; dns.query; content:"adguard.netmasc.services"; nocase; fast_pattern; classtype:bad-unknown; sid:27992300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5167, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.venya.tech"; dns.query; content:"dns.venya.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27992301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5168, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitzd.co.uk"; dns.query; content:"blitzd.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5169, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shiestyro.world"; dns.query; content:"shiestyro.world"; nocase; fast_pattern; classtype:bad-unknown; sid:27992303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5170, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t5.240130034.xyz"; dns.query; content:"t5.240130034.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5171, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cld.996969.xyz"; dns.query; content:"cld.996969.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5172, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.feedbot.xyz"; dns.query; content:"dns.feedbot.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5173, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for greenhamadguard.com.au"; dns.query; content:"greenhamadguard.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27992307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5174, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for quantum-age.cn"; dns.query; content:"quantum-age.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5175, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.lighthousemd.co"; dns.query; content:"adns.lighthousemd.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5176, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blokuj.ujwie.co"; dns.query; content:"blokuj.ujwie.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5177, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test.5ososea.com"; dns.query; content:"test.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5178, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.afastserver.com"; dns.query; content:"dns1.afastserver.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5179, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ithernit.com"; dns.query; content:"adguard.ithernit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5180, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oguska.com"; dns.query; content:"dns.oguska.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5181, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.porteii.com"; dns.query; content:"dns2.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5182, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for think-howling.com"; dns.query; content:"think-howling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5183, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uplenk.com"; dns.query; content:"dns.uplenk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5184, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zvsrs.com"; dns.query; content:"dns.zvsrs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5185, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aykanbacaksoy.de"; dns.query; content:"dns.aykanbacaksoy.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5186, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg01.localnet.dev"; dns.query; content:"sg01.localnet.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5187, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zion.dev"; dns.query; content:"dns.zion.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5188, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-aws.charraud.eu"; dns.query; content:"adguard-aws.charraud.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5189, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.charraud.eu"; dns.query; content:"vpn.charraud.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5190, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg.core.access.zznet.fun"; dns.query; content:"hkg.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5191, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh2.server.my.id"; dns.query; content:"agh2.server.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5192, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mywebdoma.in"; dns.query; content:"adguard.mywebdoma.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5193, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ebersmann.link"; dns.query; content:"dns.ebersmann.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5194, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2.xx3210766.live"; dns.query; content:"v2.xx3210766.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27992328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5195, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freestaila.synology.me"; dns.query; content:"freestaila.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5196, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quangthang.men"; dns.query; content:"dns.quangthang.men"; nocase; fast_pattern; classtype:bad-unknown; sid:27992330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5197, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.agadez.net"; dns.query; content:"adguard.agadez.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5198, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.cloudmini.net"; dns.query; content:"adguard2.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5199, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pccoach.ddns.net"; dns.query; content:"pccoach.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5200, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.taufner.net"; dns.query; content:"adguard.taufner.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5201, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.abdullahabas.online"; dns.query; content:"adguard.abdullahabas.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5202, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.abdullahabas.online"; dns.query; content:"dns.abdullahabas.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5203, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sctb1.freeddns.org"; dns.query; content:"sctb1.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5204, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.styxnetwork.org"; dns.query; content:"adguard.styxnetwork.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5205, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1586767.hosted-by-vdsina.ru"; dns.query; content:"v1586767.hosted-by-vdsina.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5206, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.simasi.ru"; dns.query; content:"dns1.simasi.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5207, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.puthiyedath.tk"; dns.query; content:"dns.puthiyedath.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5208, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for onedns.top"; dns.query; content:"onedns.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5209, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guardhome.fatihkuyuk.com.tr"; dns.query; content:"guardhome.fatihkuyuk.com.tr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5210, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for portal.iddqd.uk"; dns.query; content:"portal.iddqd.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5211, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xn--29ab3cg3bhgt.xn--y9a3aq"; dns.query; content:"dns.xn--29ab3cg3bhgt.xn--y9a3aq"; nocase; fast_pattern; classtype:bad-unknown; sid:27992345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5212, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.dentdns.ca"; dns.query; content:"dns3.dentdns.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27992346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5214, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s1.soft88.click"; dns.query; content:"s1.soft88.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27992347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5215, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwg.seggs.cn"; dns.query; content:"bwg.seggs.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5216, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mrmartian.co"; dns.query; content:"adguard.mrmartian.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5217, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oc0.co"; dns.query; content:"dns.oc0.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5218, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ac-weather.com"; dns.query; content:"dns.ac-weather.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5219, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ciscofreak.com"; dns.query; content:"dns.ciscofreak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5220, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d309044.eu"; dns.query; content:"dns.d309044.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5221, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ah.potapov.host"; dns.query; content:"ah.potapov.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27992354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5222, updated_at 2023_02_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frank-web.dedyn.io"; dns.query; content:"frank-web.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5223, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kakisungdocker.synology.me"; dns.query; content:"kakisungdocker.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5224, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tr-ist-w-1.nashkan.net"; dns.query; content:"tr-ist-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5225, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nicklabs.net"; dns.query; content:"nicklabs.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5226, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eksl.one"; dns.query; content:"dns.eksl.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5227, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kufei.org"; dns.query; content:"kufei.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5228, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eliatofani.ovh"; dns.query; content:"eliatofani.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5229, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ouate2phoque.ovh"; dns.query; content:"adguard.ouate2phoque.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5230, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itdata.ro"; dns.query; content:"dns.itdata.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5231, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn-ru-msk.pakharenko.ru"; dns.query; content:"vpn-ru-msk.pakharenko.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5232, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.woexp.ru"; dns.query; content:"dns.woexp.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5233, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cretu.xyz"; dns.query; content:"dns.cretu.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5234, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.dotls.org"; dns.query; content:"ns1.dotls.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5235, updated_at 2023_05_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.psycla.be"; dns.query; content:"dns.psycla.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27992368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5236, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for appart.yoannchappaz.best"; dns.query; content:"appart.yoannchappaz.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27992369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5237, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for slambenchmarking.buzz"; dns.query; content:"slambenchmarking.buzz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5238, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for web.pasi.cat"; dns.query; content:"web.pasi.cat"; nocase; fast_pattern; classtype:bad-unknown; sid:27992371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5239, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.52lanlan.com"; dns.query; content:"www.52lanlan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5240, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.caksono.com"; dns.query; content:"dns.caksono.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5241, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dbbs.dns.databyte-network.com"; dns.query; content:"dbbs.dns.databyte-network.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5242, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mykraeken.ddnsgeek.com"; dns.query; content:"mykraeken.ddnsgeek.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5243, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.decisivedevops.com"; dns.query; content:"dns.decisivedevops.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5244, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.inforlogia.com"; dns.query; content:"dns.inforlogia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5245, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yameenassotally.com"; dns.query; content:"dns.yameenassotally.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5246, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.marschi.de"; dns.query; content:"ag.marschi.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5247, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for in02.localnet.dev"; dns.query; content:"in02.localnet.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5248, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for horus.web000.fr"; dns.query; content:"horus.web000.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5249, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jean.im"; dns.query; content:"dns.jean.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27992382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5250, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for league2eb.me"; dns.query; content:"league2eb.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5251, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yrc.synology.me"; dns.query; content:"yrc.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5252, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for diskstation.alexpollard.net"; dns.query; content:"diskstation.alexpollard.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5253, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for management.alexpollard.net"; dns.query; content:"management.alexpollard.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5254, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for loudsheep.ddns.net"; dns.query; content:"loudsheep.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5255, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.emperorslounge.net"; dns.query; content:"adguard.emperorslounge.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5256, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-dal-w-4.nashkan.net"; dns.query; content:"us-dal-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5257, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for black-cats.org"; dns.query; content:"black-cats.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5258, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xecure.duckdns.org"; dns.query; content:"xecure.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5260, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private.supplies.eu.org"; dns.query; content:"private.supplies.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5261, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mypihole.hopto.org"; dns.query; content:"mypihole.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5262, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privdns.org"; dns.query; content:"privdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5263, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.h81.pl"; dns.query; content:"dns.h81.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5264, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qwenty.ru"; dns.query; content:"qwenty.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5265, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.qwenty.ru"; dns.query; content:"www.qwenty.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5266, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rasks.ru"; dns.query; content:"dns.rasks.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5267, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.systemfall.ru"; dns.query; content:"ad.systemfall.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5268, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for melbicom-server.site"; dns.query; content:"melbicom-server.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5269, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for villalazza.stream"; dns.query; content:"villalazza.stream"; nocase; fast_pattern; classtype:bad-unknown; sid:27992401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5270, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tkge.tk"; dns.query; content:"tkge.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5271, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns01.hostrocket.com.ua"; dns.query; content:"ns01.hostrocket.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5272, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.m78.asia"; dns.query; content:"dns.m78.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27992404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5273, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.lukemulvaney.com"; dns.query; content:"adguardhome.lukemulvaney.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5274, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.minliny.com"; dns.query; content:"dns.minliny.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5275, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for himika.pnamae.com"; dns.query; content:"himika.pnamae.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5276, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsmurray.de"; dns.query; content:"dnsmurray.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5277, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra.core.access.zznet.fun"; dns.query; content:"fra.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5278, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sin.core.access.zznet.fun"; dns.query; content:"sin.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5279, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd.core.access.zznet.fun"; dns.query; content:"syd.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5280, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.superstefan.ml"; dns.query; content:"dns2.superstefan.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5281, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vdsina.ddns.net"; dns.query; content:"vdsina.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5282, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad2.heronet.nl"; dns.query; content:"ad2.heronet.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5283, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bluecomet.eu.org"; dns.query; content:"bluecomet.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5284, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tartanbahn.eu.org"; dns.query; content:"tartanbahn.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5285, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.haha2048.site"; dns.query; content:"ddns.haha2048.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5286, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ipegg.top"; dns.query; content:"dns.ipegg.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5287, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 82040284cd2.xyz"; dns.query; content:"82040284cd2.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5288, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.pietjacobs.be"; dns.query; content:"dns1.pietjacobs.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27992420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5291, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.henkes.cloud"; dns.query; content:"ns1.henkes.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5292, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaronplayzgaming.com"; dns.query; content:"dns.aaronplayzgaming.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5293, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private-dns.apexverge.com"; dns.query; content:"private-dns.apexverge.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5294, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qlee0001.eastasia.cloudapp.azure.com"; dns.query; content:"qlee0001.eastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5295, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ion.gurupannu.com"; dns.query; content:"ion.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5296, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xyz3.jammerxd.dev"; dns.query; content:"xyz3.jammerxd.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5297, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-par-w-1.nashkan.net"; dns.query; content:"fr-par-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5298, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win-d7snj2gu70b.duckdns.org"; dns.query; content:"win-d7snj2gu70b.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5299, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.goldplate.org"; dns.query; content:"dns.goldplate.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5300, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bebracraft.ru"; dns.query; content:"bebracraft.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5301, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pozitiff4ik.tk"; dns.query; content:"pozitiff4ik.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5302, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.rokh.biz"; dns.query; content:"adg.rokh.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5304, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hermes.ohai.ca"; dns.query; content:"hermes.ohai.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27992433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5305, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.coixia.com"; dns.query; content:"dns.coixia.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5306, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tylavergne.com"; dns.query; content:"dns.tylavergne.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5307, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ext4.in"; dns.query; content:"dns.ext4.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5308, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skrep.in"; dns.query; content:"dns.skrep.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5309, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag01.de.hallmen.it"; dns.query; content:"ag01.de.hallmen.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5310, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.anudeep.me"; dns.query; content:"secure.anudeep.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5311, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darthodroid.duckdns.org"; dns.query; content:"darthodroid.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5312, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beautifulcity.eu.org"; dns.query; content:"beautifulcity.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5313, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.beautifulcity.eu.org"; dns.query; content:"www.beautifulcity.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5314, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghome.joseph.com.ph"; dns.query; content:"adghome.joseph.com.ph"; nocase; fast_pattern; classtype:bad-unknown; sid:27992443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5315, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for callies-online.site"; dns.query; content:"callies-online.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5316, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bstreso.systems"; dns.query; content:"bstreso.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27992445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5317, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.masrahi.win"; dns.query; content:"adguard.masrahi.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5318, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hellojonathan.xyz"; dns.query; content:"hellojonathan.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5319, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ublock-dns-resolver-01.swedencentral.cloudapp.azure.com"; dns.query; content:"ublock-dns-resolver-01.swedencentral.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5323, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.nzcow.com"; dns.query; content:"dns3.nzcow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5324, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hva.li"; dns.query; content:"dns.hva.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27992450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5325, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.beliefanx.me"; dns.query; content:"adguard.beliefanx.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5326, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.centralgenerator.net"; dns.query; content:"cloud.centralgenerator.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5327, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.tigrex.net"; dns.query; content:"adguard.tigrex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5328, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.rowie.at"; dns.query; content:"ns3.rowie.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27992454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5329, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for housedenolf.be"; dns.query; content:"housedenolf.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27992455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5330, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.housedenolf.be"; dns.query; content:"dns.housedenolf.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27992456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5331, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for altvpn.ppm.mrhost.biz"; dns.query; content:"altvpn.ppm.mrhost.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5332, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clearweb.woodbridge.club"; dns.query; content:"clearweb.woodbridge.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27992458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5333, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ky2dns.com"; dns.query; content:"ky2dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5334, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for diblock.rnrkurir.com"; dns.query; content:"diblock.rnrkurir.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5335, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpsb.wooy.cool"; dns.query; content:"jpsb.wooy.cool"; nocase; fast_pattern; classtype:bad-unknown; sid:27992461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5336, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ddns.net"; dns.query; content:"adguard.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5337, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mzs1.ddns.net"; dns.query; content:"mzs1.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5338, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-dal-w-3.nashkan.net"; dns.query; content:"us-dal-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5339, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skazu.net"; dns.query; content:"dns.skazu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5340, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.joey01245.nl"; dns.query; content:"dns.joey01245.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5341, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rdekuyper.nl"; dns.query; content:"adguard.rdekuyper.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5342, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kdxu.webredirect.org"; dns.query; content:"kdxu.webredirect.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5343, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dupa.milan.ovh"; dns.query; content:"dupa.milan.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5344, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for volkens.services"; dns.query; content:"volkens.services"; nocase; fast_pattern; classtype:bad-unknown; sid:27992470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5345, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ganzsicherso.tk"; dns.query; content:"ganzsicherso.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5346, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ytpom.tk"; dns.query; content:"dns.ytpom.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5347, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ovpss.top"; dns.query; content:"dns.ovpss.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5348, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for open.dns0.eu"; dns.query; content:"open.dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5349, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns0.eu"; dns.query; content:"dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5350, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zero.dns0.eu"; dns.query; content:"zero.dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5351, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.dns0.eu"; dns.query; content:"kids.dns0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5352, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.moedns.dev"; dns.query; content:"doh.moedns.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5353, updated_at 2023_02_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.rferee.dev"; dns.query; content:"resolver.rferee.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5354, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safeservedns.com"; dns.query; content:"safeservedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5355, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nielsdb.be"; dns.query; content:"dns1.nielsdb.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27992481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5358, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wmapi.cn"; dns.query; content:"wmapi.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5359, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnswebvsn.com"; dns.query; content:"dnswebvsn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5360, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for linodesg2sg2.hujiajun.com"; dns.query; content:"linodesg2sg2.hujiajun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5361, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nudnud.com"; dns.query; content:"nudnud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5362, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chithra.dilli.dev"; dns.query; content:"chithra.dilli.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5364, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.chithra.dilli.dev"; dns.query; content:"www.chithra.dilli.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5365, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private-dns.ddns.net"; dns.query; content:"private-dns.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5372, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lanre.duckdns.org"; dns.query; content:"lanre.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5373, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.plvskiy.ru"; dns.query; content:"adguard.plvskiy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5374, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lephat.xyz"; dns.query; content:"lephat.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5375, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.dentdns.ca"; dns.query; content:"dns1.dentdns.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27992492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5376, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.adguard-server.cf"; dns.query; content:"www.adguard-server.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5377, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oneandonlybubba.cloud"; dns.query; content:"oneandonlybubba.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5378, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.grantbruneau.com"; dns.query; content:"adguard2.grantbruneau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5379, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.jogjacloud.com"; dns.query; content:"cloud.jogjacloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5380, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.landoranium.de"; dns.query; content:"adg.landoranium.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5381, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chrxmvtik.dev"; dns.query; content:"dns.chrxmvtik.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5382, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for onzero.dev"; dns.query; content:"onzero.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5383, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgp.vpn.i-2.io"; dns.query; content:"sgp.vpn.i-2.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5384, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.fatlab.llc"; dns.query; content:"pdns.fatlab.llc"; nocase; fast_pattern; classtype:bad-unknown; sid:27992501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5385, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rjoc.me"; dns.query; content:"dns.rjoc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5386, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls.zhiyou.me"; dns.query; content:"tls.zhiyou.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5387, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.feiyuyu.net"; dns.query; content:"hk.feiyuyu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5388, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ng-lag-w-1.nashkan.net"; dns.query; content:"ng-lag-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5389, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for megacodx.online"; dns.query; content:"megacodx.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5390, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for site-2.duckdns.org"; dns.query; content:"site-2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5391, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.milys.pl"; dns.query; content:"ad.milys.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5392, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for szyrzyk.pl"; dns.query; content:"szyrzyk.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5393, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.szyrzyk.pl"; dns.query; content:"www.szyrzyk.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5394, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.labs.tk"; dns.query; content:"server.labs.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5395, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra2.eyecay.xyz"; dns.query; content:"fra2.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5396, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.apad.pro"; dns.query; content:"doh.apad.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5397, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-br.leonardo.tec.br"; dns.query; content:"dns-br.leonardo.tec.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27992514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5398, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.dentdns.ca"; dns.query; content:"dns2.dentdns.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27992515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5399, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bc10ef2.online-server.cloud"; dns.query; content:"bc10ef2.online-server.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5400, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnswaden.com"; dns.query; content:"dns.dnswaden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5401, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asia.dnswarden.com"; dns.query; content:"asia.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5402, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dev.dnswarden.com"; dns.query; content:"dev.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5403, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.dnswarden.com"; dns.query; content:"eu.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5404, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.dnswarden.com"; dns.query; content:"us.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5405, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.homelabapp.com"; dns.query; content:"dns.homelabapp.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5406, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pacificmonster.com"; dns.query; content:"dns.pacificmonster.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5407, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-03.spectrum.com"; dns.query; content:"doh-03.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5408, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dnsforge.de"; dns.query; content:"www.dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5409, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kutovoy.dev"; dns.query; content:"dns.kutovoy.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5410, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast2.servers.censurfridns.dk"; dns.query; content:"unicast2.servers.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5411, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.uncensoreddns.dk"; dns.query; content:"anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5412, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.uncensoreddns.dk"; dns.query; content:"deic-lgb.anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5413, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.uncensoreddns.dk"; dns.query; content:"kracon.anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5414, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.uncensoreddns.dk"; dns.query; content:"rgnet-iad.anycast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5415, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.uncensoreddns.dk"; dns.query; content:"unicast.uncensoreddns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5416, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.perzarys.eu"; dns.query; content:"dns.perzarys.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5417, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for potapov.host"; dns.query; content:"potapov.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27992534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5418, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for h.ra3.in"; dns.query; content:"h.ra3.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5419, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.biryuk.name"; dns.query; content:"dns1.biryuk.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27992536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5420, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gendos.net"; dns.query; content:"gendos.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5421, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sstomp.nl"; dns.query; content:"dns.sstomp.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5422, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.censurfridns.nu"; dns.query; content:"anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5423, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.censurfridns.nu"; dns.query; content:"deic-lgb.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5424, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.censurfridns.nu"; dns.query; content:"deic-ore.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5425, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.censurfridns.nu"; dns.query; content:"kracon.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5426, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.censurfridns.nu"; dns.query; content:"rgnet-iad.anycast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5427, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.censurfridns.nu"; dns.query; content:"unicast.censurfridns.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5428, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jetstream.nz"; dns.query; content:"dns.jetstream.nz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5429, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bushmancastle.duckdns.org"; dns.query; content:"bushmancastle.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5430, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.magnon.duckdns.org"; dns.query; content:"dns.magnon.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5431, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anyycast.uncensoreddns.org"; dns.query; content:"anyycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5432, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yingroad.top"; dns.query; content:"yingroad.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5434, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ora.yingroad.top"; dns.query; content:"ora.yingroad.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5435, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do-sg.lrdnet.cf"; dns.query; content:"do-sg.lrdnet.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5436, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for layers0flearning.com"; dns.query; content:"layers0flearning.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5437, updated_at 2023_02_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl.galaskar.ga"; dns.query; content:"nl.galaskar.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27992553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5438, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-2.nashkan.net"; dns.query; content:"ae-fuj-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5439, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.sytes.net"; dns.query; content:"dns2.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5440, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.greenwood.eu.org"; dns.query; content:"doh.greenwood.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5441, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.labar.re"; dns.query; content:"dns.labar.re"; nocase; fast_pattern; classtype:bad-unknown; sid:27992557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5442, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.tkdns.ru"; dns.query; content:"ns.tkdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5443, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1and1-dns.de"; dns.query; content:"1and1-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5444, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 233py.com"; dns.query; content:"233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5445, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ahadns.net"; dns.query; content:"ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5469, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns-sc.aliyuncs.com"; dns.query; content:"httpdns-sc.aliyuncs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5494, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot1.appliedprivacy.net"; dns.query; content:"dot1.appliedprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5499, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.dns.arapurayil.com"; dns.query; content:"2.dnscrypt-cert.dns.arapurayil.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5501, updated_at 2023_07_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.asecdns.com"; dns.query; content:"doh.asecdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5503, updated_at 2023_10_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.asecdns.com"; dns.query; content:"dot.asecdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5504, updated_at 2023_10_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.blahdns.com"; dns.query; content:"2.dnscrypt-cert.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5511, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.captnemo.in"; dns.query; content:"2.dnscrypt-cert.captnemo.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5533, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cleanbrowsing.org"; dns.query; content:"cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5546, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for comss.one"; dns.query; content:"comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5563, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for comss.ru"; dns.query; content:"comss.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5564, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crypto.sx"; dns.query; content:"crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27992572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5577, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.watch"; dns.query; content:"dns.watch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5593, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.shield-2.dnsbycomodo.com"; dns.query; content:"2.dnscrypt-cert.shield-2.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5605, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsforfamily.com"; dns.query; content:"dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5612, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.ffmuc.net"; dns.query; content:"2.dnscrypt-cert.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5644, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fly.io"; dns.query; content:"fly.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5648, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iij.jp"; dns.query; content:"iij.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27992578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5665, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lelux.fi"; dns.query; content:"lelux.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27992579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5674, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.opendns.com"; dns.query; content:"dns.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5709, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.opendns.com"; dns.query; content:"2.dnscrypt-cert.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5710, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.oszx.co"; dns.query; content:"2.dnscrypt-cert.oszx.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5722, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.pumplex.com"; dns.query; content:"2.dnscrypt-cert.pumplex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5745, updated_at 2023_07_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.quad9.net"; dns.query; content:"2.dnscrypt-cert.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5754, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for switch.ch"; dns.query; content:"switch.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5780, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iana.tenta.io"; dns.query; content:"iana.tenta.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5784, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic.tenta.io"; dns.query; content:"opennic.tenta.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5785, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.browser.yandex.net"; dns.query; content:"2.dnscrypt-cert.browser.yandex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5807, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.phuctran.cloud"; dns.query; content:"dns.phuctran.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5808, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdns-a.adtech-it.com"; dns.query; content:"rdns-a.adtech-it.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5809, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kingsbestone.com"; dns.query; content:"dns.kingsbestone.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5810, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gate.oliver-pietsch.de"; dns.query; content:"gate.oliver-pietsch.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5811, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v3.passby.ga"; dns.query; content:"v3.passby.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27992593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5812, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.kapuyhome.hu"; dns.query; content:"adguard2.kapuyhome.hu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5813, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.unp.im"; dns.query; content:"server.unp.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27992595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5814, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alpo.me"; dns.query; content:"dns.alpo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5815, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xantirealityx.net"; dns.query; content:"xantirealityx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5816, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.xantirealityx.net"; dns.query; content:"www.xantirealityx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5817, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rauladguard.online"; dns.query; content:"rauladguard.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5818, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 360dns.pub"; dns.query; content:"360dns.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27992600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5819, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1552270.hosted-by-vdsina.ru"; dns.query; content:"v1552270.hosted-by-vdsina.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5820, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ro0t.us"; dns.query; content:"adguard.ro0t.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5821, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mg.zbr2464.buzz"; dns.query; content:"mg.zbr2464.buzz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5822, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkd.nicefly2099.cf"; dns.query; content:"hkd.nicefly2099.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5823, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mokyun.cn"; dns.query; content:"dns.mokyun.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5824, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dominatrix.brandonsli.com"; dns.query; content:"dominatrix.brandonsli.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5825, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.domsku.com"; dns.query; content:"dns.domsku.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5826, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.izzledudetech.com"; dns.query; content:"guard.izzledudetech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5827, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.guard.izzledudetech.com"; dns.query; content:"www.guard.izzledudetech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5828, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgs03.just-a-web.com"; dns.query; content:"sgs03.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5829, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.michiganska.com"; dns.query; content:"www.michiganska.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5830, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for justfor.myasustor.com"; dns.query; content:"justfor.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5831, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pistada.com"; dns.query; content:"pistada.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5832, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vishalk.com"; dns.query; content:"dns.vishalk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5833, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xxdtl.com"; dns.query; content:"xxdtl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5834, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hhhk.wooy.cool"; dns.query; content:"hhhk.wooy.cool"; nocase; fast_pattern; classtype:bad-unknown; sid:27992616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5835, updated_at 2023_03_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zak.ath.cx"; dns.query; content:"zak.ath.cx"; nocase; fast_pattern; classtype:bad-unknown; sid:27992617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5836, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for birnenwasser.ddnss.de"; dns.query; content:"birnenwasser.ddnss.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5837, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mumble.ddnss.de"; dns.query; content:"mumble.ddnss.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5838, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ourcraft.ddnss.de"; dns.query; content:"ourcraft.ddnss.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5839, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for soeding.ddnss.de"; dns.query; content:"soeding.ddnss.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5840, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for matrix.soeding.ddnss.de"; dns.query; content:"matrix.soeding.ddnss.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5841, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for routerdieb-dns.de"; dns.query; content:"routerdieb-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5842, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p549314cd.dip0.t-ipconnect.de"; dns.query; content:"p549314cd.dip0.t-ipconnect.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5843, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.laiwenbo.icu"; dns.query; content:"dns.laiwenbo.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5844, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-uk.su4ka.icu"; dns.query; content:"dns-uk.su4ka.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5845, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for standard.kxy.ink"; dns.query; content:"standard.kxy.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27992627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5846, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.30x.me"; dns.query; content:"doh.30x.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5847, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.biryuk.name"; dns.query; content:"dns2.biryuk.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27992629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5848, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sitomatteomistri666.ddns.net"; dns.query; content:"sitomatteomistri666.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5849, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vn-hcm-w-1.nashkan.net"; dns.query; content:"vn-hcm-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5850, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private.sunday.eu.org"; dns.query; content:"private.sunday.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5851, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.freyja.pw"; dns.query; content:"dns.freyja.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5852, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andrei-se.ru"; dns.query; content:"andrei-se.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5853, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.andrei-se.ru"; dns.query; content:"www.andrei-se.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5854, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1550018.hosted-by-vdsina.ru"; dns.query; content:"v1550018.hosted-by-vdsina.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5855, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.717.social"; dns.query; content:"dns.717.social"; nocase; fast_pattern; classtype:bad-unknown; sid:27992637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5856, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wallymna.space"; dns.query; content:"wallymna.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5857, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oryx.wallymna.space"; dns.query; content:"oryx.wallymna.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5858, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.1662001.xyz"; dns.query; content:"hk.1662001.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5859, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.68360612.xyz"; dns.query; content:"kr.68360612.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5860, updated_at 2023_07_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.eximpius.xyz"; dns.query; content:"adguard.eximpius.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5861, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.radiac.xyz"; dns.query; content:"www.radiac.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5862, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adenvps.cf"; dns.query; content:"adenvps.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5863, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.karmanet.ch"; dns.query; content:"dns2.karmanet.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5864, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xkariak.asuscomm.com"; dns.query; content:"xkariak.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5865, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.glorydns.com"; dns.query; content:"dns.glorydns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5866, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.irumatech.com"; dns.query; content:"dns.irumatech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5867, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for new.nhunor.com"; dns.query; content:"new.nhunor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5868, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.robinlanckman.com"; dns.query; content:"adblock.robinlanckman.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5869, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.emekm.fr"; dns.query; content:"ad.emekm.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5870, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb-wan.xaoimoon.fr"; dns.query; content:"adb-wan.xaoimoon.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5871, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shybbw.myz.info"; dns.query; content:"shybbw.myz.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5872, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rootserver.live"; dns.query; content:"rootserver.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27992654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5873, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.freegod.ml"; dns.query; content:"block.freegod.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5874, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for georgia.ddns.net"; dns.query; content:"georgia.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5875, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mavrikk.duckdns.org"; dns.query; content:"mavrikk.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5876, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fezgate.ovh"; dns.query; content:"fezgate.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5877, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.l337.site"; dns.query; content:"dns.l337.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5878, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moesite.top"; dns.query; content:"dns.moesite.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5879, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for onevps-dns.pivb.vip"; dns.query; content:"onevps-dns.pivb.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27992661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5880, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.240601.xyz"; dns.query; content:"dns.240601.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5881, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gcplog.seggs.cn"; dns.query; content:"gcplog.seggs.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5882, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for feelnosorry.com"; dns.query; content:"feelnosorry.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5883, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.feelnosorry.com"; dns.query; content:"www.feelnosorry.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5884, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for statistics.larryvpn.com"; dns.query; content:"statistics.larryvpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5885, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.crowsnest.id"; dns.query; content:"ag.crowsnest.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5886, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pliszka.ml"; dns.query; content:"pliszka.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5887, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dvaguirredns1.ddns.net"; dns.query; content:"dvaguirredns1.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5888, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mkrepair.ddns.net"; dns.query; content:"mkrepair.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5889, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chenc79.online"; dns.query; content:"chenc79.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5890, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wolfdogcat.online"; dns.query; content:"wolfdogcat.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5891, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for davidcampos.duckdns.org"; dns.query; content:"davidcampos.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5892, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aqua.is.my.waifu.cz"; dns.query; content:"aqua.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5893, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id.lkbin.ga"; dns.query; content:"id.lkbin.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27992675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5894, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rohanjain.in"; dns.query; content:"dns.rohanjain.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5895, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-4.nashkan.net"; dns.query; content:"ae-fuj-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5896, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lampedns.bagmeijer.nl"; dns.query; content:"lampedns.bagmeijer.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5897, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvs.duckdns.org"; dns.query; content:"dnsvs.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5898, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for saruman.freeddns.org"; dns.query; content:"saruman.freeddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5899, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filter.chyperx.cc"; dns.query; content:"filter.chyperx.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27992681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5900, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for friend.bedro.cloud"; dns.query; content:"friend.bedro.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5901, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.knitish.dev"; dns.query; content:"dns.knitish.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5902, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.nbvalente.fr"; dns.query; content:"vpn.nbvalente.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5903, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rrinformatica.it"; dns.query; content:"dns.rrinformatica.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5904, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nt63.me"; dns.query; content:"dns.nt63.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5905, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alpha1.jnraptor.net"; dns.query; content:"alpha1.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5906, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.just-hosting.net"; dns.query; content:"dns.just-hosting.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5907, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-o-2.nashkan.net"; dns.query; content:"de-fsn-o-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5908, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-23.nashkan.net"; dns.query; content:"de-fsn-w-23.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5909, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pinus-test.aeza.network"; dns.query; content:"pinus-test.aeza.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5910, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bropines.online"; dns.query; content:"bropines.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5911, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cleandns.tk"; dns.query; content:"cleandns.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5912, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr1.eastjoin.tk"; dns.query; content:"fr1.eastjoin.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5913, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.viatech.com.tw"; dns.query; content:"doh.viatech.com.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5914, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s.960423.xyz"; dns.query; content:"s.960423.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5915, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lusk.xyz"; dns.query; content:"dns.lusk.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5916, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for virga.pp.ua"; dns.query; content:"virga.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5917, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ymv8.cn"; dns.query; content:"dns.ymv8.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5919, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for singapore.fuckll.com"; dns.query; content:"singapore.fuckll.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5920, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homedns.gumeniuk.com"; dns.query; content:"homedns.gumeniuk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5921, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pestemedie.silviustroe.com"; dns.query; content:"pestemedie.silviustroe.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5922, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sunnygyl.com"; dns.query; content:"sunnygyl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5923, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.loony-tech.de"; dns.query; content:"dns.loony-tech.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5924, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abovetheclouds.fun"; dns.query; content:"abovetheclouds.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5925, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.dscw.io"; dns.query; content:"ad.dscw.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5926, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serveur-yan.synology.me"; dns.query; content:"serveur-yan.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5927, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas-t1.ddns.net"; dns.query; content:"nas-t1.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5928, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-22.nashkan.net"; dns.query; content:"de-fsn-w-22.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5929, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for offermans.net"; dns.query; content:"offermans.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5930, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pawitra.net"; dns.query; content:"dns.pawitra.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5931, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux.sn0w.nl"; dns.query; content:"lux.sn0w.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5932, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hkg.hytec.org"; dns.query; content:"hkg.hytec.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5933, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard.beltoev.ru"; dns.query; content:"dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5934, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pc.dns.adguard.beltoev.ru"; dns.query; content:"pc.dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5935, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phone.dns.adguard.beltoev.ru"; dns.query; content:"phone.dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5936, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for router.dns.adguard.beltoev.ru"; dns.query; content:"router.dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5937, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for user1.dns.adguard.beltoev.ru"; dns.query; content:"user1.dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5938, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for user2.dns.adguard.beltoev.ru"; dns.query; content:"user2.dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5939, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for user3.dns.adguard.beltoev.ru"; dns.query; content:"user3.dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5940, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for user4.dns.adguard.beltoev.ru"; dns.query; content:"user4.dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5941, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for user5.dns.adguard.beltoev.ru"; dns.query; content:"user5.dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5942, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.adguard.beltoev.ru"; dns.query; content:"www.dns.adguard.beltoev.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5943, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.adguardhome.site"; dns.query; content:"doh.adguardhome.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5944, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.haoqing.site"; dns.query; content:"adh.haoqing.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5945, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for phucbui.top"; dns.query; content:"phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5946, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.phucbui.top"; dns.query; content:"dns.phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5947, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.phucbui.top"; dns.query; content:"home.phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5948, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seedboxhome.phucbui.top"; dns.query; content:"seedboxhome.phucbui.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5949, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for urology.wiki"; dns.query; content:"urology.wiki"; nocase; fast_pattern; classtype:bad-unknown; sid:27992730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5950, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.urology.wiki"; dns.query; content:"www.urology.wiki"; nocase; fast_pattern; classtype:bad-unknown; sid:27992731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5951, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ray3.wewa.work"; dns.query; content:"ray3.wewa.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27992732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5952, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cases.works"; dns.query; content:"dns.cases.works"; nocase; fast_pattern; classtype:bad-unknown; sid:27992733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5953, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lilis.xin"; dns.query; content:"adguard.lilis.xin"; nocase; fast_pattern; classtype:bad-unknown; sid:27992734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5954, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.chanhome.xyz"; dns.query; content:"adguard.chanhome.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5955, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.jogjacloud.com"; dns.query; content:"vpn.jogjacloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5956, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kyjiep.com"; dns.query; content:"kyjiep.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5957, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for piotrsobczak.com"; dns.query; content:"piotrsobczak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5958, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dockernet.vpsburti.com"; dns.query; content:"dockernet.vpsburti.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5959, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vsrv15195.customer.xenway.de"; dns.query; content:"vsrv15195.customer.xenway.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5960, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for na-texas-adguard-01.joshsevero.dev"; dns.query; content:"na-texas-adguard-01.joshsevero.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5961, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for torresdelarosa.dev"; dns.query; content:"torresdelarosa.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5962, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.basthorst.eu"; dns.query; content:"home.basthorst.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5963, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.briac-mlb.fr"; dns.query; content:"dns.briac-mlb.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5964, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.spyrisk.fr"; dns.query; content:"adguard.spyrisk.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5965, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nrt.core.access.zznet.fun"; dns.query; content:"nrt.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5966, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pg.web-rated.ie"; dns.query; content:"pg.web-rated.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27992747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5967, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ban.ppppppeeesss.info"; dns.query; content:"ban.ppppppeeesss.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5968, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for defsnldns01.sc-hosting.info"; dns.query; content:"defsnldns01.sc-hosting.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5969, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ivyeori.live"; dns.query; content:"dns.ivyeori.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27992750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5970, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dakulov.synology.me"; dns.query; content:"dakulov.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5971, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.nguyenhoadev.ml"; dns.query; content:"adguardhome.nguyenhoadev.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5972, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsadguard.ddns.net"; dns.query; content:"dnsadguard.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5973, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bg-sof-w-3.nashkan.net"; dns.query; content:"bg-sof-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5974, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-31.nashkan.net"; dns.query; content:"de-fsn-w-31.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5975, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for k-s-edition.ru"; dns.query; content:"k-s-edition.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5976, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vladpro.ru"; dns.query; content:"vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5977, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vladpro.ru"; dns.query; content:"dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5978, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.dns.vladpro.ru"; dns.query; content:"family.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5979, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for matvey.dns.vladpro.ru"; dns.query; content:"matvey.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5980, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nastya.dns.vladpro.ru"; dns.query; content:"nastya.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5981, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.dns.vladpro.ru"; dns.query; content:"noads.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5982, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vlad.dns.vladpro.ru"; dns.query; content:"vlad.dns.vladpro.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5983, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bbbtest.site"; dns.query; content:"bbbtest.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27992764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5984, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muyvsr.top"; dns.query; content:"muyvsr.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5985, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rasp.tv"; dns.query; content:"dns.rasp.tv"; nocase; fast_pattern; classtype:bad-unknown; sid:27992766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5986, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sidot.xyz"; dns.query; content:"dns.sidot.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5988, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tticus.art"; dns.query; content:"dns.tticus.art"; nocase; fast_pattern; classtype:bad-unknown; sid:27992768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5989, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.1.bsh4.com"; dns.query; content:"dns.1.bsh4.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5990, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for racinas.com"; dns.query; content:"racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5991, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.racinas.com"; dns.query; content:"adguard.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5992, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for git.racinas.com"; dns.query; content:"git.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5993, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for router.racinas.com"; dns.query; content:"router.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5994, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sync-danielius.racinas.com"; dns.query; content:"sync-danielius.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5995, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sync-moisejus.racinas.com"; dns.query; content:"sync-moisejus.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5996, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sync-sigita.racinas.com"; dns.query; content:"sync-sigita.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5997, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sync-simonas.racinas.com"; dns.query; content:"sync-simonas.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5998, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for terminal.racinas.com"; dns.query; content:"terminal.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5999, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for torrents.racinas.com"; dns.query; content:"torrents.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6000, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vanced.racinas.com"; dns.query; content:"vanced.racinas.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6001, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jonasdevries.de"; dns.query; content:"jonasdevries.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6002, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hanahira.dev"; dns.query; content:"dns.hanahira.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6003, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bytant.link"; dns.query; content:"bytant.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6004, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gochance.link"; dns.query; content:"dns.gochance.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6005, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.carter.me"; dns.query; content:"dns.carter.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6006, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.erebur.net"; dns.query; content:"dns.erebur.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6007, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-21.nashkan.net"; dns.query; content:"de-fsn-w-21.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6008, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-32.nashkan.net"; dns.query; content:"de-fsn-w-32.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6009, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-33.nashkan.net"; dns.query; content:"de-fsn-w-33.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6010, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for next.miao.ninja"; dns.query; content:"next.miao.ninja"; nocase; fast_pattern; classtype:bad-unknown; sid:27992790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6011, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.fleuryk.ovh"; dns.query; content:"vps.fleuryk.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6012, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.myhomelab.tech"; dns.query; content:"adguard.myhomelab.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27992792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6013, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cytrynowepole.tk"; dns.query; content:"adguard.cytrynowepole.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6014, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t4.240130034.xyz"; dns.query; content:"t4.240130034.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6015, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lfac.xyz"; dns.query; content:"dns.lfac.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6016, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 0099domain.ecuplshsj.cn"; dns.query; content:"0099domain.ecuplshsj.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6017, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bvo.giize.com"; dns.query; content:"bvo.giize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6018, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgs01.just-a-web.com"; dns.query; content:"sgs01.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6019, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mo0on15.com"; dns.query; content:"mo0on15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6020, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.msr177.com"; dns.query; content:"dns.msr177.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6021, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdns.uplenk.com"; dns.query; content:"sdns.uplenk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6022, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vallecerroazul.com"; dns.query; content:"vallecerroazul.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6023, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mysvc.de"; dns.query; content:"dns.mysvc.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6024, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jinwoo.dev"; dns.query; content:"dns.jinwoo.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6025, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aimuz.me"; dns.query; content:"aimuz.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6026, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cristianocosta.me"; dns.query; content:"cristianocosta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6027, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kz-alm-w-1.nashkan.net"; dns.query; content:"kz-alm-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6028, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.elashri.xyz"; dns.query; content:"adguard.elashri.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6029, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aizi.app"; dns.query; content:"aizi.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27992809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6030, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.aizi.app"; dns.query; content:"www.aizi.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27992810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6031, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ovpn.bond"; dns.query; content:"www.ovpn.bond"; nocase; fast_pattern; classtype:bad-unknown; sid:27992811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6032, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.h0me.cc"; dns.query; content:"dns.h0me.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27992812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6033, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.plop.cc"; dns.query; content:"doh.plop.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27992813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6034, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neelhatesads.cf"; dns.query; content:"neelhatesads.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6035, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lilith.cloud"; dns.query; content:"dns.lilith.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6036, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls.vietguards.cloud"; dns.query; content:"tls.vietguards.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6037, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yatesfamily.cloud"; dns.query; content:"yatesfamily.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6038, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for heoyun.com"; dns.query; content:"heoyun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6039, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikrotikrumahan.my.id"; dns.query; content:"dns.mikrotikrumahan.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6040, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ir.deghy.ir"; dns.query; content:"ir.deghy.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6041, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for axell24.ml"; dns.query; content:"axell24.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6042, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.axell24.ml"; dns.query; content:"www.axell24.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6043, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.demaks.org"; dns.query; content:"adguard.demaks.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6044, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ksedns.ru"; dns.query; content:"ksedns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6045, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.yps.tw"; dns.query; content:"guard.yps.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6046, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t1c.240130034.xyz"; dns.query; content:"t1c.240130034.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6047, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qlee.eastasia.cloudapp.azure.com"; dns.query; content:"qlee.eastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6048, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.blogcuahieu.com"; dns.query; content:"adh.blogcuahieu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6049, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for madrid.ciscofreak.com"; dns.query; content:"madrid.ciscofreak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6050, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.green1052.com"; dns.query; content:"adguard.green1052.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6051, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.imbuffering.com"; dns.query; content:"noads.imbuffering.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6052, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jstockley.com"; dns.query; content:"dns.jstockley.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6053, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maomengte.com"; dns.query; content:"dns.maomengte.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6054, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for box.negaforce.com"; dns.query; content:"box.negaforce.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6055, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clearnet.zerologdns.com"; dns.query; content:"clearnet.zerologdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6056, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zerologdns.com"; dns.query; content:"dns.zerologdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6057, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.wooy.cool"; dns.query; content:"hk.wooy.cool"; nocase; fast_pattern; classtype:bad-unknown; sid:27992837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6058, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.dzarlax.dev"; dns.query; content:"vpn.dzarlax.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6059, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.almir1904.eu"; dns.query; content:"doh2.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6060, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydevpn.eu"; dns.query; content:"mydevpn.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6061, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wg.req1.fr"; dns.query; content:"wg.req1.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6062, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hoofoo.icu"; dns.query; content:"hoofoo.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6063, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sbstructure.ir"; dns.query; content:"dns.sbstructure.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6064, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dclab.live"; dns.query; content:"dclab.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27992844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6065, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xyzz.live"; dns.query; content:"dns.xyzz.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27992845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6066, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ahmgam.me"; dns.query; content:"dns.ahmgam.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6067, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kenit.me"; dns.query; content:"kenit.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6068, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oculta.me"; dns.query; content:"oculta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6069, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.root.me"; dns.query; content:"dns.root.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6070, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filmgardi.ml"; dns.query; content:"filmgardi.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6071, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.slynx.net"; dns.query; content:"ns.slynx.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6072, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for name.wehao.net"; dns.query; content:"name.wehao.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6073, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for smtp.greppie.nl"; dns.query; content:"smtp.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6074, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpnhellings.nl"; dns.query; content:"vpnhellings.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6075, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vpnhellings.nl"; dns.query; content:"www.vpnhellings.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6076, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.yuzi.one"; dns.query; content:"adg.yuzi.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6077, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-family.duckdns.org"; dns.query; content:"dns-family.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6078, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for siyazia.duckdns.org"; dns.query; content:"siyazia.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6079, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gambini.org"; dns.query; content:"adguard.gambini.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6080, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.energized.pro"; dns.query; content:"dns.energized.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6081, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dehb.ru"; dns.query; content:"dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6082, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dehb.ru"; dns.query; content:"adguard.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6083, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for audio.dehb.ru"; dns.query; content:"audio.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6084, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for calendar.dehb.ru"; dns.query; content:"calendar.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6085, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for contacts.dehb.ru"; dns.query; content:"contacts.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6086, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for download.dehb.ru"; dns.query; content:"download.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6087, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drive.dehb.ru"; dns.query; content:"drive.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6088, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for file.dehb.ru"; dns.query; content:"file.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6089, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.dehb.ru"; dns.query; content:"mail.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6090, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.dehb.ru"; dns.query; content:"nas.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6091, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for note.dehb.ru"; dns.query; content:"note.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6092, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for photo.dehb.ru"; dns.query; content:"photo.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6093, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surve.dehb.ru"; dns.query; content:"surve.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6094, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dehb.ru"; dns.query; content:"www.dehb.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6095, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-ams.pdf-docs.ru"; dns.query; content:"dns-ams.pdf-docs.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6096, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skillzdns.ru"; dns.query; content:"skillzdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6097, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.skillzdns.ru"; dns.query; content:"www.skillzdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6098, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server-way.tk"; dns.query; content:"server-way.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6099, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kn10.top"; dns.query; content:"www.kn10.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6100, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cattery.noddos.top"; dns.query; content:"cattery.noddos.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6101, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skioso.top"; dns.query; content:"skioso.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6102, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vcdriy.top"; dns.query; content:"vcdriy.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6103, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.xinfeng16m.top"; dns.query; content:"agh.xinfeng16m.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6104, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.korzhyk.pp.ua"; dns.query; content:"dns.korzhyk.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6105, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.101818.xyz"; dns.query; content:"hk.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6106, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-br.dnsflex.com"; dns.query; content:"doh-lb-br.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6107, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-gb.dnsflex.com"; dns.query; content:"doh-lb-gb.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6108, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-ca-tor.dnsflex.com"; dns.query; content:"doh-lb-ca-tor.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6109, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-tr.dnsflex.com"; dns.query; content:"doh-lb-tr.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6110, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-sg.dnsflex.com"; dns.query; content:"doh-lb-sg.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6111, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-in.dnsflex.com"; dns.query; content:"doh-lb-in.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6112, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-atl.dnsflex.com"; dns.query; content:"doh-lb-atl.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6113, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-lb-de.dnsflex.com"; dns.query; content:"doh-lb-de.dnsflex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6114, updated_at 2023_03_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.simplylinux.ch"; dns.query; content:"dns.simplylinux.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6115, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail-ext.extrageneric.com"; dns.query; content:"mail-ext.extrageneric.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6124, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nielsenhost.dk"; dns.query; content:"adguard.nielsenhost.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6125, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for derowd.freeboxos.fr"; dns.query; content:"derowd.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6126, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.teaminfo.fr"; dns.query; content:"dns.teaminfo.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6127, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg2.felhocskek.hu"; dns.query; content:"adg2.felhocskek.hu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6128, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.heikwan.tech"; dns.query; content:"uk.heikwan.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27992900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6129, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mattiafenzi.uk"; dns.query; content:"adguard.mattiafenzi.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6130, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.iscx.xyz"; dns.query; content:"i.iscx.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6131, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.23-4.cn"; dns.query; content:"dns.23-4.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6132, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akr177.com"; dns.query; content:"akr177.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6133, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.homedevenv.com"; dns.query; content:"ag.homedevenv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6134, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dvaguirredns2.ddns.net"; dns.query; content:"dvaguirredns2.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6135, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.netrve.net"; dns.query; content:"dns.netrve.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6136, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.sytes.net"; dns.query; content:"dns1.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6137, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eweyo-de1.duckdns.org"; dns.query; content:"eweyo-de1.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6138, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alihk-dns.itbbs.org"; dns.query; content:"alihk-dns.itbbs.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6139, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dream-hosting.ovh"; dns.query; content:"dns.dream-hosting.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6140, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudyun.top"; dns.query; content:"dns.cloudyun.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6141, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.huseynov.work"; dns.query; content:"dns.huseynov.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27992913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6142, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.karmanet.ch"; dns.query; content:"dns.karmanet.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6143, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kolar-it.com"; dns.query; content:"dns.kolar-it.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6144, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cserv4.schantl.io"; dns.query; content:"cserv4.schantl.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6145, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.pragmasec.nl"; dns.query; content:"home.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6146, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fufaka-dns.pro"; dns.query; content:"fufaka-dns.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6147, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-public.ibakerserver.pt"; dns.query; content:"dns-public.ibakerserver.pt"; nocase; fast_pattern; classtype:bad-unknown; sid:27992919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6148, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lmkatest.ru"; dns.query; content:"lmkatest.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6149, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.lmkatest.ru"; dns.query; content:"www.lmkatest.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6150, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hi.greatpiller.shop"; dns.query; content:"hi.greatpiller.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27992922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6151, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fsrv.waltercasanova.tech"; dns.query; content:"fsrv.waltercasanova.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27992923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6152, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vietdns.vn"; dns.query; content:"dns.vietdns.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6153, updated_at 2023_03_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.vietdns.vn"; dns.query; content:"kids.vietdns.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6154, updated_at 2023_03_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bastnet.co"; dns.query; content:"bastnet.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6155, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bastnet.co"; dns.query; content:"dns.bastnet.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6156, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnspod.clzapp.com"; dns.query; content:"dnspod.clzapp.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6157, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cryptomize.com"; dns.query; content:"dns.cryptomize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6158, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.vpnglobal.my.id"; dns.query; content:"doh.vpnglobal.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6159, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sems.org"; dns.query; content:"adguard.sems.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6160, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ivnkn.xyz"; dns.query; content:"ivnkn.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6163, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle5.losfa.xyz"; dns.query; content:"oracle5.losfa.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6164, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bili.cccc.cyou"; dns.query; content:"bili.cccc.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27992934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6165, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.kyashi.fun"; dns.query; content:"agh.kyashi.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6166, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for siddeus.synology.me"; dns.query; content:"siddeus.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6167, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.techeasy.org"; dns.query; content:"dns1.techeasy.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6168, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myownadguard.ovh"; dns.query; content:"myownadguard.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6169, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jaye.sh"; dns.query; content:"adguard.jaye.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27992939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6170, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guilherme.tec.br"; dns.query; content:"guilherme.tec.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27992940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6171, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lildinosaur.com"; dns.query; content:"dns.lildinosaur.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6172, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.herry.dev"; dns.query; content:"adg.herry.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6173, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aurora.dns.aq.lu"; dns.query; content:"aurora.dns.aq.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6174, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dk-cop-w-1.nashkan.net"; dns.query; content:"dk-cop-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6175, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sitecreation.biz.ua"; dns.query; content:"sitecreation.biz.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6176, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.mole.cf"; dns.query; content:"a.mole.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6746, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yyaan.com"; dns.query; content:"yyaan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6747, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yyaan.com"; dns.query; content:"dns.yyaan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6748, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.10yusufahmad.my.id"; dns.query; content:"doh.10yusufahmad.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6749, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.5ive.net"; dns.query; content:"dns.5ive.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6750, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mars.pccoach.nl"; dns.query; content:"mars.pccoach.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6751, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spns.pro"; dns.query; content:"spns.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6752, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.spns.pro"; dns.query; content:"www.spns.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6753, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mapor.co"; dns.query; content:"adguard.mapor.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6754, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.mubibai.com"; dns.query; content:"sg.mubibai.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6755, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for solution.w10.life"; dns.query; content:"solution.w10.life"; nocase; fast_pattern; classtype:bad-unknown; sid:27992956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6756, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amgr.ddns.net"; dns.query; content:"amgr.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6757, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.one23.one"; dns.query; content:"ddns.one23.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6758, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thebeloveduck.duckdns.org"; dns.query; content:"thebeloveduck.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6759, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akaboom.ru"; dns.query; content:"akaboom.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6760, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kyjiep.space"; dns.query; content:"kyjiep.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6761, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for host.dlun.tk"; dns.query; content:"host.dlun.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6762, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for belfort.fltn.us"; dns.query; content:"belfort.fltn.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6763, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-01.hir.app"; dns.query; content:"dns-01.hir.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27992964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6769, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hitmw.cn"; dns.query; content:"dns.hitmw.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6770, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for batcavenetwork.com"; dns.query; content:"batcavenetwork.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6771, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hung-quach.com"; dns.query; content:"dns.hung-quach.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6772, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pakkalin.com"; dns.query; content:"dns.pakkalin.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6773, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nextcloudend.info"; dns.query; content:"dns2.nextcloudend.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6774, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.clroot.io"; dns.query; content:"adguard.clroot.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6775, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblockdns.live"; dns.query; content:"adblockdns.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27992971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6776, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jenanga.ipv64.net"; dns.query; content:"jenanga.ipv64.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6777, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2wired.hopto.org"; dns.query; content:"2wired.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6778, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wpice.ru"; dns.query; content:"dns.wpice.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6779, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.wpice.ru"; dns.query; content:"www.dns.wpice.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6780, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ebner.tech"; dns.query; content:"dns.ebner.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27992976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6781, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.weixin.qq.com.cn"; dns.query; content:"dns.weixin.qq.com.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6782, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns.meituan.com"; dns.query; content:"httpdns.meituan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6783, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nukys.ca"; dns.query; content:"doh.nukys.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27992979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6785, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.permafrostmiami.com"; dns.query; content:"dns1.permafrostmiami.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6786, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardpublic01.rflinvestments.com"; dns.query; content:"adguardpublic01.rflinvestments.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6787, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.samutz.com"; dns.query; content:"cloud.samutz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6788, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for novikovfamily.info"; dns.query; content:"novikovfamily.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6789, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.krishanshamod.live"; dns.query; content:"dns.krishanshamod.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27992984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6790, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.hjk.me"; dns.query; content:"ns.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6791, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resov.wehao.net"; dns.query; content:"resov.wehao.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6792, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloud.ionutl.ro"; dns.query; content:"dns.cloud.ionutl.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6793, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cyliu.idv.tw"; dns.query; content:"cyliu.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6794, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsza.com"; dns.query; content:"dnsza.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6795, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dnsza.com"; dns.query; content:"www.dnsza.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6796, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.luan.contact"; dns.query; content:"dns2.luan.contact"; nocase; fast_pattern; classtype:bad-unknown; sid:27992991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6797, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.an2kin.cyou"; dns.query; content:"mydns.an2kin.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27992992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6798, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mustafar.es"; dns.query; content:"mustafar.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6799, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for void-gate.irre.li"; dns.query; content:"void-gate.irre.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27992994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6800, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-privacy.puregeni.us"; dns.query; content:"dns-privacy.puregeni.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6801, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for glory.of.god.9l3.com"; dns.query; content:"glory.of.god.9l3.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6802, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hinytz.com"; dns.query; content:"dns.hinytz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6803, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ilhamsyahids.com"; dns.query; content:"dns.ilhamsyahids.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6804, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.srv-home.fr"; dns.query; content:"dns2.srv-home.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6805, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.micro.alloxr.info"; dns.query; content:"dns.micro.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6806, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rkjha.com.np"; dns.query; content:"dns.rkjha.com.np"; nocase; fast_pattern; classtype:bad-unknown; sid:27993001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6807, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.sakhwow.ru"; dns.query; content:"vpn.sakhwow.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6808, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguarddomain515364.com"; dns.query; content:"adguarddomain515364.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6809, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pacificrack.rczcm.com"; dns.query; content:"pacificrack.rczcm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6810, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sa-sa.eu"; dns.query; content:"doh.sa-sa.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6811, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.fiberplus.id"; dns.query; content:"doh.fiberplus.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27993006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6812, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.ota.moe"; dns.query; content:"adguard2.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27993007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6813, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard3.ota.moe"; dns.query; content:"adguard3.ota.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27993008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6814, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhom.ddns.net"; dns.query; content:"adguardhom.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6815, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps2.jnraptor.net"; dns.query; content:"vps2.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6816, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardo.viewdns.net"; dns.query; content:"adguardo.viewdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6817, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zakshinovh.duckdns.org"; dns.query; content:"zakshinovh.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6818, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adtec.aidentec.top"; dns.query; content:"adtec.aidentec.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6819, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tarni.pp.ua"; dns.query; content:"tarni.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27993014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6820, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sarak.as"; dns.query; content:"dns.sarak.as"; nocase; fast_pattern; classtype:bad-unknown; sid:27993015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6822, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.sarak.as"; dns.query; content:"dns1.sarak.as"; nocase; fast_pattern; classtype:bad-unknown; sid:27993016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6823, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.sarak.as"; dns.query; content:"dns2.sarak.as"; nocase; fast_pattern; classtype:bad-unknown; sid:27993017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6824, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ozgo.info"; dns.query; content:"dns.ozgo.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6825, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.proximit.org"; dns.query; content:"dns.proximit.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6826, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for meiju444.tk"; dns.query; content:"meiju444.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6827, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.meiju444.tk"; dns.query; content:"www.meiju444.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6828, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ocp.cincloud.top"; dns.query; content:"ocp.cincloud.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6829, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t.jimmy.best"; dns.query; content:"t.jimmy.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27993023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6830, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ys.cloud-sekeng.com"; dns.query; content:"ys.cloud-sekeng.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6831, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.juancamos.com"; dns.query; content:"dns.juancamos.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6832, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.patrickbianchi.com"; dns.query; content:"dns.patrickbianchi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6833, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wellstsai.com"; dns.query; content:"dns.wellstsai.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6834, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mikatos.de"; dns.query; content:"mikatos.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6835, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.baltes.info"; dns.query; content:"adguard.baltes.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6836, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for selsby.info"; dns.query; content:"selsby.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6837, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for catdns.org"; dns.query; content:"catdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6838, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lululujp.eu.org"; dns.query; content:"doh.lululujp.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6839, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fly.flylcc.cc"; dns.query; content:"fly.flylcc.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27993033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6840, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for donghovietkid.cloud"; dns.query; content:"donghovietkid.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6841, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.daddyparodz.com"; dns.query; content:"dns.daddyparodz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6842, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kellerbier-home.de"; dns.query; content:"kellerbier-home.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6843, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azbs.ddmm.eu.org"; dns.query; content:"azbs.ddmm.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6844, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noaaf500.site"; dns.query; content:"noaaf500.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27993038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6845, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for teslacoils.org.uk"; dns.query; content:"teslacoils.org.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6846, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tokyodns.songnguyen.name.vn"; dns.query; content:"tokyodns.songnguyen.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6847, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.crop3ox.website"; dns.query; content:"dns.crop3ox.website"; nocase; fast_pattern; classtype:bad-unknown; sid:27993041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6848, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sh.telex.app"; dns.query; content:"sh.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27993042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6849, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adghs.de"; dns.query; content:"adghs.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6850, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure-4ud.de"; dns.query; content:"secure-4ud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6851, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-3.nashkan.net"; dns.query; content:"ae-fuj-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6852, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv-rig-w-2.nashkan.net"; dns.query; content:"lv-rig-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6853, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ro-buc-w-2.nashkan.net"; dns.query; content:"ro-buc-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6854, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-4.nashkan.net"; dns.query; content:"us-chi-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6855, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-1.tegant.net"; dns.query; content:"de-fsn-w-1.tegant.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6856, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-2.tegant.net"; dns.query; content:"de-fsn-w-2.tegant.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6857, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beautifulthings.eu.org"; dns.query; content:"beautifulthings.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6858, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.beautifulthings.eu.org"; dns.query; content:"www.beautifulthings.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6859, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for curses.cloud"; dns.query; content:"curses.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6860, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.4l2.cn"; dns.query; content:"doh.4l2.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6861, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doctorbrobotnik.com"; dns.query; content:"doctorbrobotnik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6862, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.doctorbrobotnik.com"; dns.query; content:"www.doctorbrobotnik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6863, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atl.firestorrrm.com"; dns.query; content:"atl.firestorrrm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6864, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.kinopu.com"; dns.query; content:"home.kinopu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6865, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.alex-tools.dev"; dns.query; content:"adguard.alex-tools.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27993059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6866, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for web-rated.ie"; dns.query; content:"web-rated.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27993060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6867, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.hostme.co.il"; dns.query; content:"ag.hostme.co.il"; nocase; fast_pattern; classtype:bad-unknown; sid:27993061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6868, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for victormdns.ddns.net"; dns.query; content:"victormdns.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6869, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.yamamoto.ren"; dns.query; content:"adguard.yamamoto.ren"; nocase; fast_pattern; classtype:bad-unknown; sid:27993063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6870, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.linux.repair"; dns.query; content:"ag.linux.repair"; nocase; fast_pattern; classtype:bad-unknown; sid:27993064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6871, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muffincat.ru"; dns.query; content:"muffincat.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6872, updated_at 2023_10_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pukanuragan.ru"; dns.query; content:"pukanuragan.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6873, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.pukanuragan.ru"; dns.query; content:"www.pukanuragan.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6874, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vikose.com.vn"; dns.query; content:"vikose.com.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6875, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.best"; dns.query; content:"doh.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27993069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6876, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.doh.best"; dns.query; content:"ns2.doh.best"; nocase; fast_pattern; classtype:bad-unknown; sid:27993070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6877, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bourassa.cc"; dns.query; content:"dns.bourassa.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27993071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6878, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mathease.cn"; dns.query; content:"mathease.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6879, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.mathease.cn"; dns.query; content:"www.mathease.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6880, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flwagners.com"; dns.query; content:"dns.flwagners.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6881, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mr-romero.com"; dns.query; content:"mr-romero.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6882, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c.malicioustation.icu"; dns.query; content:"c.malicioustation.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6883, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beacon.fengli.love"; dns.query; content:"beacon.fengli.love"; nocase; fast_pattern; classtype:bad-unknown; sid:27993077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6884, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for no-osl-w-1.nashkan.net"; dns.query; content:"no-osl-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6885, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-home.server-on.net"; dns.query; content:"adguard-home.server-on.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6886, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uradoori.org"; dns.query; content:"uradoori.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6887, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for craft.vps.pw"; dns.query; content:"craft.vps.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27993081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6888, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.why4free.top"; dns.query; content:"dns.why4free.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6889, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg1-1.362430.xyz"; dns.query; content:"sg1-1.362430.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6890, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns4me.xyz"; dns.query; content:"dns4me.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6891, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.oii.im"; dns.query; content:"ddns.oii.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27993085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6892, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cynthialabs.net"; dns.query; content:"dns.cynthialabs.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6893, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.0w0.ooo"; dns.query; content:"d.0w0.ooo"; nocase; fast_pattern; classtype:bad-unknown; sid:27993087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6894, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.acrobyte.org"; dns.query; content:"adguard.acrobyte.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6895, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.bigmaomao.xyz"; dns.query; content:"ddns.bigmaomao.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6896, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ros.osmenoga.com"; dns.query; content:"ros.osmenoga.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6898, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privacy.plumedns.com"; dns.query; content:"privacy.plumedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6899, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maceyvps.cyou"; dns.query; content:"maceyvps.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27993092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6900, updated_at 2023_07_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ho.hostme.co.il"; dns.query; content:"ho.hostme.co.il"; nocase; fast_pattern; classtype:bad-unknown; sid:27993093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6901, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.frankychen.me"; dns.query; content:"dns.frankychen.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6902, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adsfree.ddns.net"; dns.query; content:"adsfree.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6903, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aganin.org"; dns.query; content:"dns.aganin.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6904, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.aganin.org"; dns.query; content:"www.dns.aganin.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6905, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nd.nimbahanet.xyz"; dns.query; content:"nd.nimbahanet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6906, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alvosec.com"; dns.query; content:"dns.alvosec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6907, updated_at 2023_05_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.7sec.com.br"; dns.query; content:"dns.7sec.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27993100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6908, updated_at 2023_06_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kilabit.info"; dns.query; content:"kilabit.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6910, updated_at 2023_06_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adups.com"; dns.query; content:"dns.adups.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6912, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.felixf.eu"; dns.query; content:"ag.felixf.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6914, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hcu.icu"; dns.query; content:"hcu.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27993104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6915, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atsilva.link"; dns.query; content:"atsilva.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27993105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6917, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.atsilva.link"; dns.query; content:"dns.atsilva.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27993106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6918, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sinas85.synology.me"; dns.query; content:"sinas85.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27993107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6919, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private.adguard.wessels-net.nl"; dns.query; content:"private.adguard.wessels-net.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6920, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ngc7331.top"; dns.query; content:"dns.ngc7331.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6921, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for remote.sufly.top"; dns.query; content:"remote.sufly.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6922, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tokyodns2.songnguyen.name.vn"; dns.query; content:"tokyodns2.songnguyen.name.vn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6923, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.niyaru.xyz"; dns.query; content:"doh.niyaru.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6924, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.wiqi.app"; dns.query; content:"ad.wiqi.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27993113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6926, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 22dnsipv4.asia"; dns.query; content:"22dnsipv4.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27993114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6927, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.22dnsipv4.asia"; dns.query; content:"www.22dnsipv4.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27993115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6928, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.dh.ci"; dns.query; content:"d.dh.ci"; nocase; fast_pattern; classtype:bad-unknown; sid:27993116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6929, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kb.hanfling.click"; dns.query; content:"kb.hanfling.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27993117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6930, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for my-api.cn"; dns.query; content:"my-api.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6931, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kawpad.southeastasia.cloudapp.azure.com"; dns.query; content:"kawpad.southeastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6932, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag-dns-01.cloud.judsen.io"; dns.query; content:"ag-dns-01.cloud.judsen.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27993120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6933, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.infrapod.nl"; dns.query; content:"adguard01.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6934, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard02.infrapod.nl"; dns.query; content:"adguard02.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6935, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.dns.infrapod.nl"; dns.query; content:"adguard01.dns.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6936, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard02.dns.infrapod.nl"; dns.query; content:"adguard02.dns.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27993124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6937, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ele.xyz"; dns.query; content:"dns.ele.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6938, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for go.icoding168.xyz"; dns.query; content:"go.icoding168.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6939, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maxte7.xyz"; dns.query; content:"dns.maxte7.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27993127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6940, updated_at 2023_10_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for max.sardinesindigo.cf"; dns.query; content:"max.sardinesindigo.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27993128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7189, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.yoandev.co"; dns.query; content:"adguard.yoandev.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27993129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7190, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.indybanipal.com"; dns.query; content:"dns.indybanipal.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7191, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blast.broadband.ink"; dns.query; content:"blast.broadband.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27993131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7192, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.fasya.net"; dns.query; content:"doh.fasya.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7193, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ext.rizult.net"; dns.query; content:"adguard.ext.rizult.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7194, updated_at 2023_10_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fatia.org"; dns.query; content:"fatia.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7195, updated_at 2023_10_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh-target-noads.alekberg.net"; dns.query; content:"odoh-target-noads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7232, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh-target-se.alekberg.net"; dns.query; content:"odoh-target-se.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7234, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c-dns.com"; dns.query; content:"c-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7271, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh.cloudflare-dns.com"; dns.query; content:"odoh.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7285, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh.crypto.sx"; dns.query; content:"odoh.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27993139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7310, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for morbitzer.de"; dns.query; content:"morbitzer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27993140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7534, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns0.fdn.fr"; dns.query; content:"ns0.fdn.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7725, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.fdn.fr"; dns.query; content:"ns1.fdn.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7726, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ddns.network"; dns.query; content:"adguard.ddns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27993143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7731, updated_at 2023_06_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.fresh-waffles.online"; dns.query; content:"adguard.fresh-waffles.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27993144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7733, updated_at 2023_06_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kss.ovh"; dns.query; content:"adguard.kss.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27993145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7734, updated_at 2023_11_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.knightlsy.asia"; dns.query; content:"dns.knightlsy.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27993146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7735, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.erw.cc"; dns.query; content:"dns.erw.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27993147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7736, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shushu.cf"; dns.query; content:"dns.shushu.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27993148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7737, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for htgg.cloud"; dns.query; content:"htgg.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7738, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-dns.zmy.cloud"; dns.query; content:"dot-dns.zmy.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27993150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7739, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns.clubbase.club"; dns.query; content:"addns.clubbase.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27993151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7740, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.foximao.cn"; dns.query; content:"dns.foximao.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7741, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jerryw.cn"; dns.query; content:"dns.jerryw.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7742, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.juyic.cn"; dns.query; content:"dns.juyic.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7743, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgh.laufan.cn"; dns.query; content:"adgh.laufan.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7744, updated_at 2023_10_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.noobel.cn"; dns.query; content:"dns.noobel.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7745, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.timochan.cn"; dns.query; content:"dns.timochan.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7746, updated_at 2023_08_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.x2jz.cn"; dns.query; content:"d.x2jz.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7747, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zblank.cn"; dns.query; content:"zblank.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7748, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zxi7.cn"; dns.query; content:"dns.zxi7.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27993160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7749, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.caifuwu.com"; dns.query; content:"agh.caifuwu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7750, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dn.ckjack.com"; dns.query; content:"dn.ckjack.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7751, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jkdsm.com"; dns.query; content:"jkdsm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7752, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.lilinth.com"; dns.query; content:"a.lilinth.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7753, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.moeyk.com"; dns.query; content:"doh.moeyk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7754, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seaofbits.com"; dns.query; content:"seaofbits.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7755, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnx.tttpai.com"; dns.query; content:"dnx.tttpai.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7756, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ublobs.com"; dns.query; content:"dns.ublobs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7757, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.vanderbasch.com"; dns.query; content:"resolver.vanderbasch.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7758, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ip.wcy9.com"; dns.query; content:"ip.wcy9.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27993170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7759, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chadeyron.fr"; dns.query; content:"dns.chadeyron.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27993171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7760, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lova.long-nguyen.info"; dns.query; content:"lova.long-nguyen.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27993172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7763, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.jtt.ink"; dns.query; content:"b.jtt.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27993173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7764, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vault.lisl.ink"; dns.query; content:"vault.lisl.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27993174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7765, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tracker.ink"; dns.query; content:"dns.tracker.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27993175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7766, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for docker-hub.ir"; dns.query; content:"docker-hub.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27993176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7767, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.guidocioni.it"; dns.query; content:"dns2.guidocioni.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27993177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7768, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lqh280.iok.la"; dns.query; content:"lqh280.iok.la"; nocase; fast_pattern; classtype:bad-unknown; sid:27993178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7769, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ahyxluo.ltd"; dns.query; content:"dns.ahyxluo.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27993179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7770, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.laison.ltd"; dns.query; content:"dns.laison.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27993180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7771, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud8.ownvps.ml"; dns.query; content:"cloud8.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27993181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7772, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.501w.net"; dns.query; content:"home.501w.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7773, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goldpool.net"; dns.query; content:"goldpool.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7774, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agathe.tobkar.net"; dns.query; content:"agathe.tobkar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7775, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cc2.v8er.net"; dns.query; content:"cc2.v8er.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27993185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7776, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drwg.org"; dns.query; content:"drwg.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27993186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7779, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for end.pub"; dns.query; content:"end.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27993187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7781, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lipunyushka.ru"; dns.query; content:"lipunyushka.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27993188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7782, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.wcguo.space"; dns.query; content:"d.wcguo.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27993189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7783, updated_at 2023_11_11;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.smart365.tk"; dns.query; content:"d.smart365.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7784, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yuhui.tk"; dns.query; content:"yuhui.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7785, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t.yuhui.tk"; dns.query; content:"t.yuhui.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7786, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v.yuhui.tk"; dns.query; content:"v.yuhui.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7787, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.yuhui.tk"; dns.query; content:"www.yuhui.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27993194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7788, updated_at 2023_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ccyykk.top"; dns.query; content:"ccyykk.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7789, updated_at 2023_11_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ljq87.top"; dns.query; content:"dns.ljq87.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27993196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7790, updated_at 2023_11_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for