# (o)DoH server list (DNS entries).
# See https://jpgpi250.github.io/piholemanual/doc/Block%20DOH%20with%20pfsense.pdf
#
# Last updated: 2023-01-28 04:31:25 (UTC)
# MD5 checksum file available.
#
# SID reservations: https://sidallocation.org/
# GitHub: https://github.com/sidallocation/sidallocation.org
#
# Report issues with this list at https://github.com/jpgpi250/piholemanual/issues
# Use SID Management to disable specific entries.
#
# Terms of Services (ToS)
# By using the datasets, you agree that:
#   The datasets can be used for both, commercial and non-commercial purpose without any limitations (CC0 - No Rights Reserved)
#   Data offered is served as it is on best effort
#   I (jpgpi250) can not be held liable for any false positive or damage caused by the use of the datasets offered.
#
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.google"; dns.query; content:"dns.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 0, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflare-dns.com"; dns.query; content:"cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns9.quad9.net"; dns.query; content:"dns9.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns10.quad9.net"; dns.query; content:"dns10.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cleanbrowsing.org"; dns.query; content:"doh.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnsoverhttps.net"; dns.query; content:"dns.dnsoverhttps.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.crypto.sx"; dns.query; content:"doh.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 6, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.powerdns.org"; dns.query; content:"doh.powerdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 7, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-jp.blahdns.com"; dns.query; content:"doh-jp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 8, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dns-over-https.com"; dns.query; content:"dns.dns-over-https.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 9, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.securedns.eu"; dns.query; content:"doh.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 10, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rubyfish.cn"; dns.query; content:"dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 11, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnswarden.com"; dns.query; content:"doh.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 12, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.captnemo.in"; dns.query; content:"doh.captnemo.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 13, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiar.app"; dns.query; content:"doh.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 14, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaflalo.me"; dns.query; content:"dns.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 15, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-nyc.aaflalo.me"; dns.query; content:"dns-nyc.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 16, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard.com"; dns.query; content:"dns.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 17, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-family.adguard.com"; dns.query; content:"dns-family.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 18, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alekberg.net"; dns.query; content:"dns.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 19, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.alekberg.net"; dns.query; content:"dns2.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 20, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsse.alekberg.net"; dns.query; content:"dnsse.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 21, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alidns.com"; dns.query; content:"dns.alidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 22, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aa.net.uk"; dns.query; content:"dns.aa.net.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 23, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.42l.fr"; dns.query; content:"doh.42l.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 24, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohtrial.att.net"; dns.query; content:"dohtrial.att.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 25, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-fi.blahdns.com"; dns.query; content:"doh-fi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 26, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-de.blahdns.com"; dns.query; content:"doh-de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 28, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-sg.blahdns.com"; dns.query; content:"doh-sg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 29, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brahma.world"; dns.query; content:"dns.brahma.world"; nocase; fast_pattern; classtype:bad-unknown; sid:27990030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 30, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private.canadianshield.cira.ca"; dns.query; content:"private.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 31, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for protected.canadianshield.cira.ca"; dns.query; content:"protected.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 32, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.canadianshield.cira.ca"; dns.query; content:"family.canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 33, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.opendns.com"; dns.query; content:"doh.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 35, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.familyshield.opendns.com"; dns.query; content:"doh.familyshield.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 36, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family-filter-dns.cleanbrowsing.org"; dns.query; content:"family-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 37, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adult-filter-dns.cleanbrowsing.org"; dns.query; content:"adult-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 38, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security-filter-dns.cleanbrowsing.org"; dns.query; content:"security-filter-dns.cleanbrowsing.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 39, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for one.one.one.one"; dns.query; content:"one.one.one.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 41, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mozilla.cloudflare-dns.com"; dns.query; content:"mozilla.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 42, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1dot1dot1dot1.cloudflare-dns.com"; dns.query; content:"1dot1dot1dot1.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 43, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns64.cloudflare-dns.com"; dns.query; content:"dns64.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 45, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security.cloudflare-dns.com"; dns.query; content:"security.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 46, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.cloudflare-dns.com"; dns.query; content:"family.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 47, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xfinity.com"; dns.query; content:"doh.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 48, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.recursive.dnsbycomodo.com"; dns.query; content:"ns1.recursive.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 49, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.recursive.dnsbycomodo.com"; dns.query; content:"ns2.recursive.dnsbycomodo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 50, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for commons.host"; dns.query; content:"commons.host"; nocase; fast_pattern; classtype:bad-unknown; sid:27990048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 51, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.containerpi.com"; dns.query; content:"dns.containerpi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 52, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohdot.coxlab.net"; dns.query; content:"dohdot.coxlab.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 53, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ipv6.crypto.sx"; dns.query; content:"doh-ipv6.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 55, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitale-gesellschaft.ch"; dns.query; content:"dns.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 56, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.li"; dns.query; content:"doh.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 57, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.dnscrypt.ca"; dns.query; content:"dns1.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 58, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.dnscrypt.ca"; dns.query; content:"dns2.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 59, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsforge.de"; dns.query; content:"dnsforge.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 60, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnshome.de"; dns.query; content:"dns.dnshome.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 61, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnslify.com"; dns.query; content:"doh.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 62, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.ns.dnslify.com"; dns.query; content:"a.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 63, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.ns.dnslify.com"; dns.query; content:"b.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 64, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.safe.ns.dnslify.com"; dns.query; content:"a.safe.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 65, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.safe.ns.dnslify.com"; dns.query; content:"b.safe.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 66, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.family.ns.dnslify.com"; dns.query; content:"a.family.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 67, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b.family.ns.dnslify.com"; dns.query; content:"b.family.ns.dnslify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 68, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.seby.io"; dns.query; content:"doh.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 69, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-2.seby.io"; dns.query; content:"doh-2.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 70, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.sb"; dns.query; content:"doh.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 71, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.dyndnsinternetguide.com"; dns.query; content:"resolver1.dyndnsinternetguide.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 72, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.dyndnsinternetguide.com"; dns.query; content:"resolver2.dyndnsinternetguide.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 73, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ffmuc.net"; dns.query; content:"doh.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 74, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.applied-privacy.net"; dns.query; content:"doh.applied-privacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 75, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.233py.com"; dns.query; content:"dns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 76, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.233py.com"; dns.query; content:"i.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 77, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wdns.233py.com"; dns.query; content:"wdns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 78, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ndns.233py.com"; dns.query; content:"ndns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 79, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdns.233py.com"; dns.query; content:"sdns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 80, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for google-public-dns-a.google.com"; dns.query; content:"google-public-dns-a.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 82, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for google-public-dns-b.google.com"; dns.query; content:"google-public-dns-b.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 83, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns64.dns.google"; dns.query; content:"dns64.dns.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 84, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hostux.net"; dns.query; content:"dns.hostux.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 85, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ibuki.cgnat.net"; dns.query; content:"ibuki.cgnat.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 86, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ibksturm.synology.me"; dns.query; content:"ibksturm.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 87, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jcdns.fun"; dns.query; content:"jcdns.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 88, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver-eu.lelux.fi"; dns.query; content:"resolver-eu.lelux.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 89, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.libredns.gr"; dns.query; content:"doh.libredns.gr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 90, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mrkaran.dev"; dns.query; content:"dns.mrkaran.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 91, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nextdns.io"; dns.query; content:"dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 93, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.any.dns.nixnet.xyz"; dns.query; content:"uncensored.any.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 94, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.any.dns.nixnet.xyz"; dns.query; content:"adblock.any.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 95, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.lv1.dns.nixnet.xyz"; dns.query; content:"uncensored.lv1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 96, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.lv1.dns.nixnet.xyz"; dns.query; content:"adblock.lv1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 97, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.ny1.dns.nixnet.xyz"; dns.query; content:"uncensored.ny1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 98, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.ny1.dns.nixnet.xyz"; dns.query; content:"adblock.ny1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 99, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.lux1.dns.nixnet.xyz"; dns.query; content:"uncensored.lux1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 100, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.lux1.dns.nixnet.xyz"; dns.query; content:"adblock.lux1.dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 101, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.opendns.com"; dns.query; content:"resolver1.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 102, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.opendns.com"; dns.query; content:"resolver2.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 103, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1-fs.opendns.com"; dns.query; content:"resolver1-fs.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 104, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2-fs.opendns.com"; dns.query; content:"resolver2-fs.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 105, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.ipv6-sandbox.opendns.com"; dns.query; content:"resolver1.ipv6-sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 106, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.ipv6-sandbox.opendns.com"; dns.query; content:"resolver2.ipv6-sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 107, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oszx.co"; dns.query; content:"dns.oszx.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27990102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 108, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pumplex.com"; dns.query; content:"dns.pumplex.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 109, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.centraleu.pi-dns.com"; dns.query; content:"doh.centraleu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 110, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.northeu.pi-dns.com"; dns.query; content:"doh.northeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 111, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.westus.pi-dns.com"; dns.query; content:"doh.westus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 112, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastus.pi-dns.com"; dns.query; content:"doh.eastus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 113, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quad9.net"; dns.query; content:"dns.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 115, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns11.quad9.net"; dns.query; content:"dns11.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 118, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rpz-public-resolver1.rrdns.pch.net"; dns.query; content:"rpz-public-resolver1.rrdns.pch.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 119, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-nosec.quad9.net"; dns.query; content:"dns-nosec.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 120, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.twnic.tw"; dns.query; content:"dns.twnic.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 121, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v6.rubyfish.cn"; dns.query; content:"v6.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 122, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ea-dns.rubyfish.cn"; dns.query; content:"ea-dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 124, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uw-dns.rubyfish.cn"; dns.query; content:"uw-dns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 125, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads-doh.securedns.eu"; dns.query; content:"ads-doh.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 127, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi.doh.dns.snopyta.org"; dns.query; content:"fi.doh.dns.snopyta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 128, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.switch.ch"; dns.query; content:"dns.switch.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 129, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiarap.org"; dns.query; content:"doh.tiarap.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 131, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.tiar.app"; dns.query; content:"jp.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 132, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.tiarap.org"; dns.query; content:"jp.tiarap.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 133, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.t53.de"; dns.query; content:"dns.t53.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 134, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.appliedprivacy.net"; dns.query; content:"doh.appliedprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 137, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public.dns.iij.jp"; dns.query; content:"public.dns.iij.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27990124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 138, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.gridns.xyz"; dns.query; content:"jp.gridns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 139, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flatuslifir.is"; dns.query; content:"dns.flatuslifir.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27990126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 140, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odvr.nic.cz"; dns.query; content:"odvr.nic.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 141, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rumpelsepp.org"; dns.query; content:"rumpelsepp.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 142, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ordns.he.net"; dns.query; content:"ordns.he.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 143, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdns.faelix.net"; dns.query; content:"rdns.faelix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 144, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adfree.usableprivacy.net"; dns.query; content:"adfree.usableprivacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 145, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.233py.com.a.bdydns.com"; dns.query; content:"i.233py.com.a.bdydns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 148, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opencdn.jomodns.com"; dns.query; content:"opencdn.jomodns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 149, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.233py.com.cdn.cloudflare.net"; dns.query; content:"dns.233py.com.cdn.cloudflare.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 151, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edns.233py.com"; dns.query; content:"edns.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 152, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-gcp.aaflalo.me"; dns.query; content:"dns-gcp.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 156, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.in.ahadns.net"; dns.query; content:"doh.in.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 161, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nl.ahadns.net"; dns.query; content:"doh.nl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 162, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.us.ahadns.net"; dns.query; content:"doh.us.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 163, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnses.alekberg.net"; dns.query; content:"dnses.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 166, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnl.alekberg.net"; dns.query; content:"dnsnl.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 167, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.armadillodns.net"; dns.query; content:"doh.armadillodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 172, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blahdns.com"; dns.query; content:"blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 174, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.blahdns.com"; dns.query; content:"doh.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 175, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-ch.blahdns.com"; dns.query; content:"doh-ch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 176, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.blockerdns.com"; dns.query; content:"doh.blockerdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 180, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for free.bravedns.com"; dns.query; content:"free.bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 182, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bravedns.com"; dns.query; content:"bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 183, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for canadianshield.cira.ca"; dns.query; content:"canadianshield.cira.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 186, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudflare.com"; dns.query; content:"dns.cloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 190, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cmrg.net"; dns.query; content:"dns.cmrg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 196, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jit.ddns.net"; dns.query; content:"jit.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 201, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.defaultroutes.de"; dns.query; content:"doh.defaultroutes.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 202, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.developer.li"; dns.query; content:"dns.developer.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 203, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.developer.li"; dns.query; content:"dns2.developer.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 204, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.digitale-gesellschaft.ch"; dns.query; content:"dns1.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 206, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.digitale-gesellschaft.ch"; dns.query; content:"dns2.digitale-gesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 207, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public-dns-a.dns.sb"; dns.query; content:"public-dns-a.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 215, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for public-dns-b.dns.sb"; dns.query; content:"public-dns-b.dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 216, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock-dot.dnswarden.com"; dns.query; content:"adblock-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 222, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adult-filter-dot.dnswarden.com"; dns.query; content:"adult-filter-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 223, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ecs-doh.dnswarden.com"; dns.query; content:"ecs-doh.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 225, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored-dot.dnswarden.com"; dns.query; content:"uncensored-dot.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 226, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.google.com"; dns.query; content:"dns.google.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 231, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.gridns.xyz"; dns.query; content:"sg.gridns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 235, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.dns.lavate.ch"; dns.query; content:"us1.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 240, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu1.dns.lavate.ch"; dns.query; content:"eu1.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 241, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.libredns.org"; dns.query; content:"doh.libredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 243, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.mydns.network"; dns.query; content:"adblock.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 245, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neutopia.org"; dns.query; content:"dns.neutopia.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 246, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.netweaver.uk"; dns.query; content:"doh.netweaver.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 248, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nextdns.io"; dns.query; content:"dns1.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 250, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nextdns.io"; dns.query; content:"dns2.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 251, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nixnet.xyz"; dns.query; content:"dns.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 253, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv1.nixnet.xyz"; dns.query; content:"lv1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 254, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny1.nixnet.xyz"; dns.query; content:"ny1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 255, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux1.nixnet.xyz"; dns.query; content:"lux1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 256, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pi-dns.com"; dns.query; content:"doh.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 265, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastas.pi-dns.com"; dns.query; content:"doh.eastas.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 267, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eastau.pi-dns.com"; dns.query; content:"doh.eastau.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 268, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.westeu.pi-dns.com"; dns.query; content:"doh.westeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 271, updated_at 2021_04_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls.sinodun.com"; dns.query; content:"dnsovertls.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 288, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls1.sinodun.com"; dns.query; content:"dnsovertls1.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 289, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wugui.zone"; dns.query; content:"dns.wugui.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 299, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-asia.wugui.zone"; dns.query; content:"dns-asia.wugui.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 300, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.gslb2.xfinity.com"; dns.query; content:"doh.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 302, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.gandi.net"; dns.query; content:"dns.api.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 303, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.globus.org"; dns.query; content:"dns.api.globus.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 304, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.integration.globuscs.info"; dns.query; content:"dns.api.integration.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 305, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.preview.globus.org"; dns.query; content:"dns.api.preview.globus.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 306, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.rackspacecloud.com"; dns.query; content:"dns.api.rackspacecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 307, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.sandbox.globuscs.info"; dns.query; content:"dns.api.sandbox.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 308, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.staging.globuscs.info"; dns.query; content:"dns.api.staging.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 309, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.api.test.globuscs.info"; dns.query; content:"dns.api.test.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 310, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.beta.gandi.net"; dns.query; content:"dns.beta.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 311, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudfiction.eu"; dns.query; content:"dns.cloudfiction.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 312, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eu-frankfurt-1.oraclecloud.com"; dns.query; content:"dns.eu-frankfurt-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 314, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.islandnet.com"; dns.query; content:"dns.islandnet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 316, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.onp.cloud"; dns.query; content:"dns.onp.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 317, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tuna.tsinghua.edu.cn"; dns.query; content:"dns.tuna.tsinghua.edu.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 319, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uk-london-1.oraclecloud.com"; dns.query; content:"dns.uk-london-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 320, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-ashburn-1.oraclecloud.com"; dns.query; content:"dns.us-ashburn-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 321, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-phoenix-1.oraclecloud.com"; dns.query; content:"dns.us-phoenix-1.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 322, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.dnswarden.com"; dns.query; content:"doh1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 343, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.dnswarden.com"; dns.query; content:"doh2.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 344, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1001.cloudflare-dns.com"; dns.query; content:"1001.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 361, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1111.cloudflare-dns.com"; dns.query; content:"1111.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 362, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azure.cloudflare-dns.com"; dns.query; content:"azure.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 365, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chrome.cloudflare-dns.com"; dns.query; content:"chrome.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 366, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opera.cloudflare-dns.com"; dns.query; content:"opera.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 368, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tor.cloudflare-dns.com"; dns.query; content:"tor.cloudflare-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 369, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 8888.google"; dns.query; content:"8888.google"; nocase; fast_pattern; classtype:bad-unknown; sid:27990212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 373, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns12.quad9.net"; dns.query; content:"dns12.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 379, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trr.dns.nextdns.io"; dns.query; content:"trr.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 383, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.xfinity.com"; dns.query; content:"dot.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 395, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.la.ahadns.net"; dns.query; content:"doh.la.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 436, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ny.ahadns.net"; dns.query; content:"doh.ny.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 437, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for example.doh.blockerdns.com"; dns.query; content:"example.doh.blockerdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 448, updated_at 2022_09_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-01.spectrum.com"; dns.query; content:"doh-01.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 452, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-02.spectrum.com"; dns.query; content:"doh-02.spectrum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 453, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moulticast.net"; dns.query; content:"dns.moulticast.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 492, updated_at 2022_08_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitalegesellschaft.ch"; dns.query; content:"dns.digitalegesellschaft.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 522, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.cloudflaredns.com"; dns.query; content:"family.cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 525, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohsg.blahdns.com"; dns.query; content:"dohsg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 527, updated_at 2021_08_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohipv6.crypto.sx"; dns.query; content:"dohipv6.crypto.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 531, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdohnosafesearch.dnsforfamily.com"; dns.query; content:"dnsdohnosafesearch.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 540, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.yepdns.com"; dns.query; content:"sg.yepdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 543, updated_at 2021_09_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.njal.la"; dns.query; content:"dns.njal.la"; nocase; fast_pattern; classtype:bad-unknown; sid:27990228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 544, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.seby.io"; dns.query; content:"doh2.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 546, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohjp.blahdns.com"; dns.query; content:"dohjp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 547, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bortzmeyer.fr"; dns.query; content:"doh.bortzmeyer.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 549, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uwdns.rubyfish.cn"; dns.query; content:"uwdns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 554, updated_at 2021_05_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohde.blahdns.com"; dns.query; content:"dohde.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 555, updated_at 2022_11_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.arapurayil.com"; dns.query; content:"dns.arapurayil.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 556, updated_at 2021_12_22;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnyc.aaflalo.me"; dns.query; content:"dnsnyc.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 557, updated_at 2021_03_10;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdoh.dnsforfamily.com"; dns.query; content:"dnsdoh.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 559, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for security.cloudflaredns.com"; dns.query; content:"security.cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 561, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ryanpalmer.com"; dns.query; content:"dns1.ryanpalmer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 564, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chewbacca.meganerd.nl"; dns.query; content:"chewbacca.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 568, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.circl.lu"; dns.query; content:"dns.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 569, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsfamily.adguard.com"; dns.query; content:"dnsfamily.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 573, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.linuxsec.org"; dns.query; content:"doh.linuxsec.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 577, updated_at 2021_09_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eadns.rubyfish.cn"; dns.query; content:"eadns.rubyfish.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 579, updated_at 2021_05_06;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohfi.blahdns.com"; dns.query; content:"dohfi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 580, updated_at 2023_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.therifleman.name"; dns.query; content:"dns.therifleman.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27990245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 582, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.this.web.id"; dns.query; content:"doh.this.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 584, updated_at 2021_10_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1dot1dot1dot1.cloudflaredns.com"; dns.query; content:"1dot1dot1dot1.cloudflaredns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 585, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohch.blahdns.com"; dns.query; content:"dohch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 589, updated_at 2022_11_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pub"; dns.query; content:"doh.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 591, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ibr.cs.tu-bs.de"; dns.query; content:"doh.ibr.cs.tu-bs.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 604, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eieidns.com"; dns.query; content:"doh.eieidns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 605, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.de.blahdns.com"; dns.query; content:"doh.de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 607, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bugdns.com"; dns.query; content:"doh.bugdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 609, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datt.pw"; dns.query; content:"doh.datt.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 610, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ntu.ssooss.win"; dns.query; content:"doh.ntu.ssooss.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 611, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.qis.io"; dns.query; content:"doh.qis.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 614, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.360.cn"; dns.query; content:"doh.360.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 640, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.233py.com"; dns.query; content:"doh.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 642, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaitain.restena.lu"; dns.query; content:"kaitain.restena.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 687, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pub"; dns.query; content:"dns.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 689, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.decloudus.com"; dns.query; content:"dns.decloudus.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 698, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ryan-palmer.com"; dns.query; content:"dns1.ryan-palmer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 742, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.east.comss.one"; dns.query; content:"dns.east.comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 753, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.comss.one"; dns.query; content:"dns.comss.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 754, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-unfiltered.adguard.com"; dns.query; content:"dns-unfiltered.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 756, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pl.ahadns.net"; dns.query; content:"doh.pl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 853, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.it.ahadns.net"; dns.query; content:"doh.it.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 854, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.es.ahadns.net"; dns.query; content:"doh.es.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 855, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.no.ahadns.net"; dns.query; content:"doh.no.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 856, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.chi.ahadns.net"; dns.query; content:"doh.chi.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 857, updated_at 2022_07_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.au.ahadns.net"; dns.query; content:"doh.au.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 858, updated_at 2022_07_01;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.post-factum.tk"; dns.query; content:"doh.post-factum.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 859, updated_at 2022_03_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.postfactum.tk"; dns.query; content:"doh.postfactum.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 860, updated_at 2022_03_05;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.telekom.de"; dns.query; content:"dns.telekom.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 862, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.doh.my.id"; dns.query; content:"doh.doh.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 866, updated_at 2021_10_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.kutu.my.id"; dns.query; content:"doh.kutu.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 867, updated_at 2021_04_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id.terra.my.id"; dns.query; content:"id.terra.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 868, updated_at 2021_04_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asia.dnscepat.id"; dns.query; content:"asia.dnscepat.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 869, updated_at 2021_03_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edgy.network"; dns.query; content:"dns.edgy.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 870, updated_at 2022_02_04;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freedom.mydns.network"; dns.query; content:"freedom.mydns.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 871, updated_at 2022_11_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for draco.plan9ns2.com"; dns.query; content:"draco.plan9ns2.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 872, updated_at 2022_06_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hydra.plan9ns1.com"; dns.query; content:"hydra.plan9ns1.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 874, updated_at 2021_04_02;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.post-factum.tk"; dns.query; content:"dns.post-factum.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 877, updated_at 2022_05_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freedns.controld.com"; dns.query; content:"freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 882, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.abmb.win"; dns.query; content:"doh.abmb.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 885, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.abmb.win"; dns.query; content:"doh2.abmb.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 886, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.nl.ahadns.net"; dns.query; content:"dot.nl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 895, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.in.ahadns.net"; dns.query; content:"dot.in.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 896, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.la.ahadns.net"; dns.query; content:"dot.la.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 897, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ny.ahadns.net"; dns.query; content:"dot.ny.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 898, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pl.ahadns.net"; dns.query; content:"dot.pl.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 899, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.it.ahadns.net"; dns.query; content:"dot.it.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 900, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.es.ahadns.net"; dns.query; content:"dot.es.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 901, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.no.ahadns.net"; dns.query; content:"dot.no.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 902, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.chi.ahadns.net"; dns.query; content:"dot.chi.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 903, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.au.ahadns.net"; dns.query; content:"dot.au.ahadns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 904, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot1.applied-privacy.net"; dns.query; content:"dot1.applied-privacy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 905, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.blahdns.com"; dns.query; content:"doh1.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 906, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.b-cdn.net"; dns.query; content:"doh1.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 907, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.blahdns.com"; dns.query; content:"doh2.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 908, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.b-cdn.net"; dns.query; content:"doh2.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 909, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-ch.blahdns.com"; dns.query; content:"dot-ch.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 910, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudflare-gateway.com"; dns.query; content:"cloudflare-gateway.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 914, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pdns.faelix.net"; dns.query; content:"pdns.faelix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 925, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jarjar.meganerd.nl"; dns.query; content:"jarjar.meganerd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 926, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sandbox.opendns.com"; dns.query; content:"doh.sandbox.opendns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 928, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.seby.io"; dns.query; content:"dot.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 929, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.dnscrypt-cert.dns.seby.io"; dns.query; content:"2.dnscrypt-cert.dns.seby.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 930, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fdns1.dismail.de"; dns.query; content:"fdns1.dismail.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 932, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fdns2.dismail.de"; dns.query; content:"fdns2.dismail.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 933, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.censurfridns.dk"; dns.query; content:"anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 934, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.censurfridns.dk"; dns.query; content:"deic-lgb.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 935, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.censurfridns.dk"; dns.query; content:"deic-ore.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 936, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.censurfridns.dk"; dns.query; content:"kracon.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 937, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.censurfridns.dk"; dns.query; content:"rgnet-iad.anycast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 938, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.censurfridns.dk"; dns.query; content:"unicast.censurfridns.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 939, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.uncensoreddns.org"; dns.query; content:"anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 940, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-lgb.anycast.uncensoreddns.org"; dns.query; content:"deic-lgb.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 941, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deic-ore.anycast.uncensoreddns.org"; dns.query; content:"deic-ore.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 942, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kracon.anycast.uncensoreddns.org"; dns.query; content:"kracon.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 943, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rgnet-iad.anycast.uncensoreddns.org"; dns.query; content:"rgnet-iad.anycast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 944, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unicast.uncensoreddns.org"; dns.query; content:"unicast.uncensoreddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 945, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.doh.mullvad.net"; dns.query; content:"adblock.doh.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 946, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mullvad.net"; dns.query; content:"doh.mullvad.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 947, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for basic.bravedns.com"; dns.query; content:"basic.bravedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 951, updated_at 2021_07_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.blokada.org"; dns.query; content:"dns.blokada.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 975, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.umbrella.comu"; dns.query; content:"doh.umbrella.comu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 976, updated_at 2021_04_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.umbrella.com"; dns.query; content:"doh.umbrella.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 977, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hydra.plan9-ns1.com"; dns.query; content:"hydra.plan9-ns1.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 980, updated_at 2022_08_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for draco.plan9-ns2.com"; dns.query; content:"draco.plan9-ns2.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 981, updated_at 2022_08_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.emeraldonion.org"; dns.query; content:"dns.emeraldonion.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 983, updated_at 2021_06_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rethinkdns.com"; dns.query; content:"rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 987, updated_at 2021_08_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sb"; dns.query; content:"doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 993, updated_at 2023_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnlnoads.alekberg.net"; dns.query; content:"dnsnlnoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 994, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.adhole.org"; dns.query; content:"uk.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 995, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.adhole.org"; dns.query; content:"de.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 996, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.adhole.org"; dns.query; content:"sg.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 997, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-central.adhole.org"; dns.query; content:"us-central.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 998, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-east.adhole.org"; dns.query; content:"us-east.adhole.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 999, updated_at 2022_06_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wevpn.com"; dns.query; content:"dns.wevpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1010, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-weblock.wevpn.com"; dns.query; content:"dns-weblock.wevpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1011, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for basic.rethinkdns.com"; dns.query; content:"basic.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1012, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dnscrypt.uk"; dns.query; content:"doh.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1014, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v.dnscrypt.uk"; dns.query; content:"v.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1017, updated_at 2023_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic.i2pd.xyz"; dns.query; content:"opennic.i2pd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1020, updated_at 2022_05_29;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-fi.blahdns.com"; dns.query; content:"dot-fi.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1026, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-de.blahdns.com"; dns.query; content:"dot-de.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1027, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-jp.blahdns.com"; dns.query; content:"dot-jp.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1028, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot-sg.blahdns.com"; dns.query; content:"dot-sg.blahdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1029, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ffmuc.net"; dns.query; content:"dot.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1031, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.libredns.gr.com"; dns.query; content:"dot.libredns.gr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1032, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.securedns.eu"; dns.query; content:"dot.securedns.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1033, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls2.sinodun.com"; dns.query; content:"dnsovertls2.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1034, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsovertls3.sinodun.com"; dns.query; content:"dnsovertls3.sinodun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1035, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi.dot.dns.snopyta.org"; dns.query; content:"fi.dot.dns.snopyta.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1036, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.tiar.app"; dns.query; content:"dot.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1037, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-doh.dnsforfamily.com"; dns.query; content:"dns-doh.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1040, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-dot.dnsforfamily.com"; dns.query; content:"dns-dot.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1041, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cfiec.net"; dns.query; content:"dns.cfiec.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1042, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eropa.dnscepat.id"; dns.query; content:"eropa.dnscepat.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1044, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.360.cn"; dns.query; content:"dot.360.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1046, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pub"; dns.query; content:"dot.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1049, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for getdnsapi.net"; dns.query; content:"getdnsapi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1051, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.larsdebruin.net"; dns.query; content:"dns.larsdebruin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1052, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-tls.bitwiseshift.net"; dns.query; content:"dns-tls.bitwiseshift.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1053, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.dnsprivacy.at"; dns.query; content:"ns1.dnsprivacy.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1054, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.dnsprivacy.at"; dns.query; content:"ns2.dnsprivacy.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1055, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitgeek.in"; dns.query; content:"dns.bitgeek.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1056, updated_at 2022_12_13;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privacydns.go6lab.si"; dns.query; content:"privacydns.go6lab.si"; nocase; fast_pattern; classtype:bad-unknown; sid:27990369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1057, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsotls.lab.nic.cl"; dns.query; content:"dnsotls.lab.nic.cl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1058, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls-dns-u.odvr.dns-oarc.net"; dns.query; content:"tls-dns-u.odvr.dns-oarc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1059, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.centraleu.pi-dns.com"; dns.query; content:"dot.centraleu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1060, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.northeu.pi-dns.com"; dns.query; content:"dot.northeu.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1061, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.westus.pi-dns.com"; dns.query; content:"dot.westus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1062, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastus.pi-dns.com"; dns.query; content:"dot.eastus.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1063, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastau.pi-dns.com"; dns.query; content:"dot.eastau.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1064, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.eastas.pi-dns.com"; dns.query; content:"dot.eastas.pi-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1065, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p0.freedns.controld.com"; dns.query; content:"p0.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1068, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p1.freedns.controld.com"; dns.query; content:"p1.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1069, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p2.freedns.controld.com"; dns.query; content:"p2.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1070, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p3.freedns.controld.com"; dns.query; content:"p3.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1071, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver4.dns.openinternet.io"; dns.query; content:"resolver4.dns.openinternet.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1075, updated_at 2021_09_24;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com"; dns.query; content:"doh.dns.apple.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1076, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for query.hdns.io"; dns.query; content:"query.hdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1086, updated_at 2022_06_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl.yepdns.com"; dns.query; content:"pl.yepdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1087, updated_at 2021_11_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.passcloud.xyz"; dns.query; content:"a.passcloud.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1088, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.passcloud.xyz"; dns.query; content:"i.passcloud.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1089, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns13.quad9.net"; dns.query; content:"dns13.quad9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1091, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.cox.net"; dns.query; content:"dot.cox.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1094, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cox.net"; dns.query; content:"doh.cox.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1095, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sb"; dns.query; content:"dns.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1096, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chromium.dns.nextdns.io"; dns.query; content:"chromium.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1098, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.quickline.ch"; dns.query; content:"doh.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1099, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for firefox.dns.nextdns.io"; dns.query; content:"firefox.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1280, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-h2.icloud.com"; dns.query; content:"mask-h2.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1298, updated_at 2021_09_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask.icloud.com"; dns.query; content:"mask.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1299, updated_at 2021_09_21;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for steering.nextdns.io"; dns.query; content:"steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1332, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.doh.my.id"; dns.query; content:"dns.doh.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1351, updated_at 2021_12_08;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscache.e-utp.net"; dns.query; content:"dnscache.e-utp.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1352, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.asia.dnswarden.com"; dns.query; content:"doh.asia.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1353, updated_at 2022_07_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.eu.dnswarden.com"; dns.query; content:"doh.eu.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1354, updated_at 2022_07_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.us.dnswarden.com"; dns.query; content:"doh.us.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1355, updated_at 2022_07_12;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscache.eutp.net"; dns.query; content:"dnscache.eutp.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1359, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitz.ahadns.com"; dns.query; content:"blitz.ahadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1360, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bebasid.com"; dns.query; content:"dns.bebasid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1371, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.ipv6.dnscrypt.ca"; dns.query; content:"dns2.ipv6.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1375, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.ipv6.dnscrypt.ca"; dns.query; content:"dns1.ipv6.dnscrypt.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1377, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.digitalsize.net"; dns.query; content:"dns.digitalsize.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1379, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsesnoads.alekberg.net"; dns.query; content:"dnsesnoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1381, updated_at 2022_06_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssenoads.alekberg.net"; dns.query; content:"dnssenoads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1382, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.safesurfer.io"; dns.query; content:"doh.safesurfer.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1385, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for puredns.org"; dns.query; content:"puredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1386, updated_at 2023_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsunfiltered.adguard.com"; dns.query; content:"dnsunfiltered.adguard.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1387, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycsast.dns.nextdns.io"; dns.query; content:"anycsast.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1388, updated_at 2022_06_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for httpdns-push.heytapmobile.com"; dns.query; content:"httpdns-push.heytapmobile.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1390, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blitz-setup.ahadns.com"; dns.query; content:"blitz-setup.ahadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1394, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.dns.nextdns.io"; dns.query; content:"anycast.dns.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1403, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.puredns.org"; dns.query; content:"family.puredns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1404, updated_at 2023_01_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.disconnect.app"; dns.query; content:"doh.disconnect.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1405, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for helios.plan9dns.com"; dns.query; content:"helios.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1406, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pluton.plan9dns.com"; dns.query; content:"pluton.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1407, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kronos.plan9dns.com"; dns.query; content:"kronos.plan9dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1408, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnswarden.com"; dns.query; content:"dns.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1414, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr1.dnswarden.com"; dns.query; content:"fr1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1415, updated_at 2022_09_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ind1.dnswarden.com"; dns.query; content:"ind1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1416, updated_at 2022_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg1.dnswarden.com"; dns.query; content:"sg1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1417, updated_at 2022_09_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.dnswarden.com"; dns.query; content:"us1.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1418, updated_at 2022_09_09;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-doh-no-safe-search.dnsforfamily.com"; dns.query; content:"dns-doh-no-safe-search.dnsforfamily.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1423, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cube.neubsi.at"; dns.query; content:"cube.neubsi.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1492, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.neubsi.at"; dns.query; content:"dns.neubsi.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1493, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.belnet.be"; dns.query; content:"dns.belnet.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27990431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1494, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datahata.by"; dns.query; content:"doh.datahata.by"; nocase; fast_pattern; classtype:bad-unknown; sid:27990432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1495, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu2.dns.lavate.ch"; dns.query; content:"eu2.dns.lavate.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1505, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quickline.ch"; dns.query; content:"dns.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1507, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.quickline.ch"; dns.query; content:"dns1.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1508, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.quickline.ch"; dns.query; content:"dns2.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1509, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.quickline.ch"; dns.query; content:"dot.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1511, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 360.233py.com"; dns.query; content:"360.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1514, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alternate-dns.com"; dns.query; content:"dns.alternate-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1522, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.arekjatim.com"; dns.query; content:"doh.arekjatim.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1523, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for france.beatquantum.com"; dns.query; content:"france.beatquantum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1524, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.beatquantum.com"; dns.query; content:"uk.beatquantum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1525, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usa.beatquantum.com"; dns.query; content:"usa.beatquantum.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1526, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.bt.com"; dns.query; content:"doh.bt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1537, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cubedns.com"; dns.query; content:"cubedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1547, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsenc.com"; dns.query; content:"dnsenc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1549, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for easyhandshake.com"; dns.query; content:"easyhandshake.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1558, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.noaddns.com"; dns.query; content:"resolver.noaddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1559, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for helios.plan9-dns.com"; dns.query; content:"helios.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1562, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kronos.plan9-dns.com"; dns.query; content:"kronos.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1563, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pluton.plan9-dns.com"; dns.query; content:"pluton.plan9-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1564, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.scapetical.com"; dns.query; content:"dns.scapetical.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1570, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns03.dns.tin-fan.com"; dns.query; content:"ns03.dns.tin-fan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1573, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jabber-germany.de"; dns.query; content:"jabber-germany.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1580, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.jabber-germany.de"; dns.query; content:"www.jabber-germany.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1581, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for masters-of-cloud.de"; dns.query; content:"masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1582, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.masters-of-cloud.de"; dns.query; content:"www.masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1583, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.morbitzer.de"; dns.query; content:"www.morbitzer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1584, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mertcan.dev"; dns.query; content:"dns.mertcan.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1586, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ndo.dev"; dns.query; content:"dns.ndo.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1587, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1-doh.iriseden.fr"; dns.query; content:"ns1-doh.iriseden.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1591, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2-doh.iriseden.fr"; dns.query; content:"ns2-doh.iriseden.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1592, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gi.co.id"; dns.query; content:"dns.gi.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1597, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for please.dontsteal.my.id"; dns.query; content:"please.dontsteal.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1598, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.iucc.ac.il"; dns.query; content:"doh.iucc.ac.il"; nocase; fast_pattern; classtype:bad-unknown; sid:27990465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1599, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.micronets.in"; dns.query; content:"doh.micronets.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1600, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bld.sys-adm.in"; dns.query; content:"bld.sys-adm.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1601, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lv"; dns.query; content:"doh.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1615, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nic.lv"; dns.query; content:"doh.nic.lv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1616, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsnl-noads.alekberg.net"; dns.query; content:"dnsnl-noads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1631, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsse-noads.alekberg.net"; dns.query; content:"dnsse-noads.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1633, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.as203038.net"; dns.query; content:"resolver.as203038.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1636, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dos.bytetel.net"; dns.query; content:"dos.bytetel.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1638, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yarp.lefolgoc.net"; dns.query; content:"yarp.lefolgoc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1649, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.r0cket.net"; dns.query; content:"resolver.r0cket.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1658, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.us1.segurodns.net"; dns.query; content:"doh.us1.segurodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1659, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ans2.tdnszone.net"; dns.query; content:"ans2.tdnszone.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1660, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ipoac.nl"; dns.query; content:"ipoac.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1664, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anydoh.sidnlabs.nl"; dns.query; content:"anydoh.sidnlabs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1666, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.sidnlabs.nl"; dns.query; content:"doh.sidnlabs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1667, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.artikel10.org"; dns.query; content:"dns.artikel10.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1668, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.syshero.org"; dns.query; content:"doh.syshero.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1677, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.neowutran.ovh"; dns.query; content:"doh.neowutran.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1682, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.xcom.pro"; dns.query; content:"doh.xcom.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27990484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1683, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.anonymous.pw"; dns.query; content:"dns.anonymous.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1685, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd.doh.sb"; dns.query; content:"au-syd.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1688, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyc.doh.sb"; dns.query; content:"ca-yyc.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1689, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-dus.doh.sb"; dns.query; content:"de-dus.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1690, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fra.doh.sb"; dns.query; content:"de-fra.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1691, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ee-tll.doh.sb"; dns.query; content:"ee-tll.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1692, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-hkg.doh.sb"; dns.query; content:"hk-hkg.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1693, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for in-blr.doh.sb"; dns.query; content:"in-blr.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1694, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-kix.doh.sb"; dns.query; content:"jp-kix.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1695, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-nrt.doh.sb"; dns.query; content:"jp-nrt.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1696, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr-sel.doh.sb"; dns.query; content:"kr-sel.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1697, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams.doh.sb"; dns.query; content:"nl-ams.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1698, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams2.doh.sb"; dns.query; content:"nl-ams2.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1699, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mow.doh.sb"; dns.query; content:"ru-mow.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1700, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-sin.doh.sb"; dns.query; content:"sg-sin.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1701, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk-lon.doh.sb"; dns.query; content:"uk-lon.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1702, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-doh.sb"; dns.query; content:"us-chi-doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27990501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1703, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudtrust.solutions"; dns.query; content:"dns.cloudtrust.solutions"; nocase; fast_pattern; classtype:bad-unknown; sid:27990502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1704, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kawa.tf"; dns.query; content:"dns.kawa.tf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1707, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.melalandia.tk"; dns.query; content:"dns.melalandia.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1708, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do.dnscrypt.uk"; dns.query; content:"do.dnscrypt.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1710, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic2.i2pd.xyz"; dns.query; content:"opennic2.i2pd.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1716, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neatdns.ustclug.org"; dns.query; content:"neatdns.ustclug.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1725, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for berd.moe"; dns.query; content:"berd.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1731, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arashi.eu.org"; dns.query; content:"arashi.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1733, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ipv6dns.com"; dns.query; content:"dns.ipv6dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1734, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.futa.gg"; dns.query; content:"doh.futa.gg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1747, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hitian.me"; dns.query; content:"hitian.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1748, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lars-lehmann.net"; dns.query; content:"dns.lars-lehmann.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1750, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hydroxlab.ru.com"; dns.query; content:"hydroxlab.ru.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1753, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tundranet.hec.to"; dns.query; content:"tundranet.hec.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27990515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1758, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edgy-dns.com"; dns.query; content:"edgy-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1759, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.infotek.net.id"; dns.query; content:"doh.infotek.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1760, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.paesa.es"; dns.query; content:"dns.paesa.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27990518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1761, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.rezhajul.io"; dns.query; content:"doh.rezhajul.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1765, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sbydoh.limotelu.org"; dns.query; content:"sbydoh.limotelu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1766, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sby-doh.limotelu.org"; dns.query; content:"sby-doh.limotelu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1773, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unfiltered.adguard-dns.com"; dns.query; content:"unfiltered.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1774, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com.v.aaplimg.com"; dns.query; content:"doh.dns.apple.com.v.aaplimg.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1802, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard-dns.com"; dns.query; content:"dns.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1804, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.adguard-dns.com"; dns.query; content:"family.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1805, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.libredns.gr"; dns.query; content:"dot.libredns.gr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1807, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.freedns.controld.com"; dns.query; content:"family.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1808, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uncensored.freedns.controld.com"; dns.query; content:"uncensored.freedns.controld.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1809, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dandelionsprout.asuscomm.com"; dns.query; content:"dandelionsprout.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1810, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for max.rethinkdns.com"; dns.query; content:"max.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1812, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnslow.me"; dns.query; content:"dnslow.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1814, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lacontrevoie.fr"; dns.query; content:"doh.lacontrevoie.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1834, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xorbiadns.com"; dns.query; content:"xorbiadns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1854, updated_at 2023_01_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for catsimple.cf"; dns.query; content:"catsimple.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1985, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.7vpn.com"; dns.query; content:"dns.7vpn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1986, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ipoac.nl"; dns.query; content:"dns.ipoac.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1988, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for opennic1.eth-services.de"; dns.query; content:"opennic1.eth-services.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1990, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hinet.net"; dns.query; content:"dns.hinet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1991, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spacedns.org"; dns.query; content:"spacedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2010, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.keweon.center"; dns.query; content:"dns.keweon.center"; nocase; fast_pattern; classtype:bad-unknown; sid:27990540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2014, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eddi.net"; dns.query; content:"dns.eddi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2020, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.froth.zone"; dns.query; content:"dns.froth.zone"; nocase; fast_pattern; classtype:bad-unknown; sid:27990542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2021, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a-bld.sys-adm.in"; dns.query; content:"a-bld.sys-adm.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2030, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.opennameserver.org"; dns.query; content:"ns1.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2032, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.opennameserver.org"; dns.query; content:"ns2.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2033, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.opennameserver.org"; dns.query; content:"ns3.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2034, updated_at 2023_01_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sky.rethinkdns.com"; dns.query; content:"sky.rethinkdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2044, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atelier.alica.idv.tw"; dns.query; content:"atelier.alica.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2056, updated_at 2022_11_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for awan.ftp.sh"; dns.query; content:"awan.ftp.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2057, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.vvvglass.com"; dns.query; content:"a.vvvglass.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2058, updated_at 2022_11_30;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nebula.tru.io"; dns.query; content:"nebula.tru.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2059, updated_at 2023_01_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nat64.tuxis.nl"; dns.query; content:"nat64.tuxis.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2060, updated_at 2023_01_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ines.zfn.uni-bremen.de"; dns.query; content:"ines.zfn.uni-bremen.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2061, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.wewitro.net"; dns.query; content:"doh.wewitro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2062, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-dns1.bancuh.com"; dns.query; content:"sg-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2063, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-dns1.bancuh.com"; dns.query; content:"fr-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2064, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-dns1.bancuh.com"; dns.query; content:"jp-dns1.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2065, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk.teradns.org"; dns.query; content:"uk.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2068, updated_at 2023_01_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.teradns.org"; dns.query; content:"de.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2069, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny.teradns.org"; dns.query; content:"ny.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2070, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tx.teradns.org"; dns.query; content:"tx.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2071, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.teradns.org"; dns.query; content:"sg.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2072, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for abel.waringer-atg.de"; dns.query; content:"abel.waringer-atg.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2073, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bitdefender.net"; dns.query; content:"dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2074, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chaos-system.de"; dns.query; content:"chaos-system.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2075, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca.doh.cloudveil.org"; dns.query; content:"ca.doh.cloudveil.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2076, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.doh.cloudveil.org"; dns.query; content:"us.doh.cloudveil.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2077, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.flodns.net"; dns.query; content:"ns1.flodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2080, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cluster-0.gac.edu"; dns.query; content:"cluster-0.gac.edu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2081, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cluster-1.gac.edu"; dns.query; content:"cluster-1.gac.edu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2082, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hshh.org"; dns.query; content:"ns2.hshh.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2083, updated_at 2022_11_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.i-evolve.net"; dns.query; content:"ns1.i-evolve.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2084, updated_at 2022_11_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qlf-doh.inria.fr"; dns.query; content:"qlf-doh.inria.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2085, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.novg.net"; dns.query; content:"dns.novg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2086, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pope.cnblw.me"; dns.query; content:"pope.cnblw.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2087, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muli.stusta.mhn.de"; dns.query; content:"muli.stusta.mhn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2088, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tls-data.de"; dns.query; content:"dns.tls-data.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2090, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for iris.woozeno.eu"; dns.query; content:"iris.woozeno.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2091, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wyx.cloud"; dns.query; content:"wyx.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2092, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zougloub.eu"; dns.query; content:"zougloub.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2093, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-dns2.bancuh.com"; dns.query; content:"fr-dns2.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2096, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-dns2.bancuh.com"; dns.query; content:"sg-dns2.bancuh.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2099, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure-dns.dns-ga.de"; dns.query; content:"secure-dns.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2102, updated_at 2023_01_19;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.azsopro.net"; dns.query; content:"dns.azsopro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2115, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst3.absolight.net"; dns.query; content:"res-acst3.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2132, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dotdns.cryptroute.com"; dns.query; content:"dotdns.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2133, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dyn1.de"; dns.query; content:"dns.dyn1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2134, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fuchur.pentament.de"; dns.query; content:"fuchur.pentament.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2135, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.in-berlin.de"; dns.query; content:"dns1.in-berlin.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2136, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for irre.li"; dns.query; content:"irre.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2137, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kescher.at"; dns.query; content:"dns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2138, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lastentarvike.fi"; dns.query; content:"lastentarvike.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2139, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zrh1-ns01.monzoon.net"; dns.query; content:"zrh1-ns01.monzoon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2140, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsc.torgues.net"; dns.query; content:"nsc.torgues.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2141, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pates.services.sfr.fr.casepp.sfr.fr"; dns.query; content:"pates.services.sfr.fr.casepp.sfr.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2142, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.slinkyman.net"; dns.query; content:"dns.slinkyman.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2143, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clientdns3.softcom.net"; dns.query; content:"clientdns3.softcom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2144, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for esel.stusta.mhn.de"; dns.query; content:"esel.stusta.mhn.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2145, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for timmes.nl"; dns.query; content:"timmes.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2146, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for galileo.math.unipd.it"; dns.query; content:"galileo.math.unipd.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2147, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tor.vasi.li"; dns.query; content:"tor.vasi.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2148, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.totoro.pub"; dns.query; content:"doh.totoro.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27990602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2150, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.aguaslindasweb.com.br"; dns.query; content:"ns.aguaslindasweb.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27990603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2151, updated_at 2022_12_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bofh.in"; dns.query; content:"dns.bofh.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2152, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.daw.dev"; dns.query; content:"dns.daw.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2153, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.david888.com"; dns.query; content:"dns.david888.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2154, updated_at 2023_01_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dekonix.ru"; dns.query; content:"adguard.dekonix.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2155, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.elemental.software"; dns.query; content:"dns.elemental.software"; nocase; fast_pattern; classtype:bad-unknown; sid:27990608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2156, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fancyorg.at"; dns.query; content:"dns.fancyorg.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27990609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2157, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.flm9.net"; dns.query; content:"dns01.flm9.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2158, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.funtopia.tv"; dns.query; content:"doh.funtopia.tv"; nocase; fast_pattern; classtype:bad-unknown; sid:27990611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2159, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ginovs.nl"; dns.query; content:"dns.ginovs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2160, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for himedns.com"; dns.query; content:"himedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2161, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jackyes.ovh"; dns.query; content:"jackyes.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2162, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jfchenier.ca"; dns.query; content:"adguard.jfchenier.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2163, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.k3nny.fr"; dns.query; content:"dns.k3nny.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2164, updated_at 2023_01_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.molinero.dev"; dns.query; content:"dns.molinero.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2165, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nielsvoorn.nl"; dns.query; content:"adguard.nielsvoorn.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2166, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.niyawe.de"; dns.query; content:"doh.niyawe.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2167, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nullgate.net"; dns.query; content:"dns.nullgate.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2168, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.port53.dk"; dns.query; content:"doh.port53.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2169, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpsus3.pzhg.me"; dns.query; content:"vpsus3.pzhg.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2170, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surfshark.com"; dns.query; content:"dns.surfshark.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2171, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vinnyp.xyz"; dns.query; content:"dns.vinnyp.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2172, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vinokurov.tk"; dns.query; content:"dns.vinokurov.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2173, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warpnine.de"; dns.query; content:"dns.warpnine.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2174, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.xhr0no.my"; dns.query; content:"1.xhr0no.my"; nocase; fast_pattern; classtype:bad-unknown; sid:27990627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2175, updated_at 2023_01_18;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aihe.app"; dns.query; content:"aihe.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2176, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.almir1904.eu"; dns.query; content:"dns.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2177, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nsec.arnor.org"; dns.query; content:"nsec.arnor.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2178, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b612.me"; dns.query; content:"dns.b612.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2179, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.infosec.xyz"; dns.query; content:"dns.infosec.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2180, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.borjalopez.eu"; dns.query; content:"adblock.borjalopez.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2181, updated_at 2023_01_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.c-dns.com"; dns.query; content:"www.c-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2182, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ccb-net.it"; dns.query; content:"doh.ccb-net.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2183, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ceai.com.tw"; dns.query; content:"dns.ceai.com.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2184, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c.cicitt.ch"; dns.query; content:"c.cicitt.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2185, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.clanless.ovh"; dns.query; content:"dns.clanless.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2186, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.colorfreedom.org"; dns.query; content:"dns.colorfreedom.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2187, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.conne.net"; dns.query; content:"dns1.conne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2188, updated_at 2022_12_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.00dani.me"; dns.query; content:"ns.00dani.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2189, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.data.haus"; dns.query; content:"mail.data.haus"; nocase; fast_pattern; classtype:bad-unknown; sid:27990642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2190, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nz01.dns4me.net"; dns.query; content:"nz01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2191, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au01.dns4me.net"; dns.query; content:"au01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2192, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au02.dns4me.net"; dns.query; content:"au02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2193, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg01.dns4me.net"; dns.query; content:"sg01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2194, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uk01.dns4me.net"; dns.query; content:"uk01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2195, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us01.dns4me.net"; dns.query; content:"us01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2196, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us02.dns4me.net"; dns.query; content:"us02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2197, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sa01.dns4me.net"; dns.query; content:"sa01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2198, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dukun.de"; dns.query; content:"dukun.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2199, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.emiliyan.com"; dns.query; content:"dns.emiliyan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2200, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zzuhacker.cn"; dns.query; content:"dns.zzuhacker.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2201, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.funil.de"; dns.query; content:"doh.funil.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2202, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.grqu.de"; dns.query; content:"dns.grqu.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2203, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hanmey.de"; dns.query; content:"dns.hanmey.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2204, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole2.hoerli.net"; dns.query; content:"pihole2.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2205, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hshh.org"; dns.query; content:"hshh.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2206, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doth.huque.com"; dns.query; content:"doth.huque.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2207, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ihaveacloud.com"; dns.query; content:"dns.ihaveacloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2208, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for buc-m2.illmods.com"; dns.query; content:"buc-m2.illmods.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2209, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.indust.me"; dns.query; content:"dns.indust.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2210, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.jeroenhd.nl"; dns.query; content:"doh.jeroenhd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2211, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hahnjo.de"; dns.query; content:"dns.hahnjo.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2212, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kamilszczepanski.com"; dns.query; content:"dns.kamilszczepanski.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2213, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kernel-error.de"; dns.query; content:"dns.kernel-error.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2214, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kosan.moe"; dns.query; content:"dns.kosan.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27990667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2215, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xray.krnl.eu"; dns.query; content:"xray.krnl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2216, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kswro.web.id"; dns.query; content:"kswro.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2217, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lightmaster.pw"; dns.query; content:"dns.lightmaster.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2218, updated_at 2023_01_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br.servers.legat.ml"; dns.query; content:"br.servers.legat.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2219, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maybe.icu"; dns.query; content:"dns.maybe.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2220, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testaghome.meshkov.info"; dns.query; content:"testaghome.meshkov.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2221, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.truong.fi"; dns.query; content:"dns.truong.fi"; nocase; fast_pattern; classtype:bad-unknown; sid:27990674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2222, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnstls.mobik.com"; dns.query; content:"dnstls.mobik.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2223, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.murgi.de"; dns.query; content:"dns.murgi.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2224, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.myon.lu"; dns.query; content:"blackhole.myon.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2225, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ender.fr"; dns.query; content:"adguard.ender.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2226, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.luigi.nexific.it"; dns.query; content:"doh.luigi.nexific.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2227, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi1.node15.com"; dns.query; content:"pi1.node15.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2228, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.npe.bz"; dns.query; content:"dns.npe.bz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2229, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.onlyfriends.info"; dns.query; content:"adguard.onlyfriends.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2230, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp2.ooroot.com"; dns.query; content:"jp2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2231, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg2.ooroot.com"; dns.query; content:"sg2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2232, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk2.ooroot.com"; dns.query; content:"hk2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2233, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tw2.ooroot.com"; dns.query; content:"tw2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2234, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr2.ooroot.com"; dns.query; content:"kr2.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2235, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for at.pzhg.me"; dns.query; content:"at.pzhg.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2236, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rafn.is"; dns.query; content:"dns.rafn.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27990689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2237, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rayneau.fr"; dns.query; content:"rayneau.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2238, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.reckoningslug.name"; dns.query; content:"dns.reckoningslug.name"; nocase; fast_pattern; classtype:bad-unknown; sid:27990691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2239, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ricko.is"; dns.query; content:"ricko.is"; nocase; fast_pattern; classtype:bad-unknown; sid:27990692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2240, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rin.sh"; dns.query; content:"dns.rin.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2241, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sellan.fr"; dns.query; content:"dns.sellan.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2242, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for do.shimul.me"; dns.query; content:"do.shimul.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2243, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.silen.org"; dns.query; content:"dns.silen.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2244, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.startupstack.tech"; dns.query; content:"dns.startupstack.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2245, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.syaifullah.com"; dns.query; content:"dns.syaifullah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2246, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tesem.dog"; dns.query; content:"dns.tesem.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27990699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2247, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.tezoi.com"; dns.query; content:"cloud.tezoi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2248, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ueni.dyndns.org"; dns.query; content:"ueni.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2249, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for your-dns.run"; dns.query; content:"your-dns.run"; nocase; fast_pattern; classtype:bad-unknown; sid:27990702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2250, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ypbind.de"; dns.query; content:"dns.ypbind.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2251, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zfsystem.tech"; dns.query; content:"dns.zfsystem.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27990704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2252, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst1.absolight.net"; dns.query; content:"res-acst1.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2351, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for res-acst2.absolight.net"; dns.query; content:"res-acst2.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2352, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver1.absolight.net"; dns.query; content:"resolver1.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2353, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver2.absolight.net"; dns.query; content:"resolver2.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2354, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver3.absolight.net"; dns.query; content:"resolver3.absolight.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2355, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole1.hoerli.net"; dns.query; content:"pihole1.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2356, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole3.hoerli.net"; dns.query; content:"pihole3.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2357, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole4.hoerli.net"; dns.query; content:"pihole4.hoerli.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2358, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns4.opennameserver.org"; dns.query; content:"ns4.opennameserver.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2359, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.futuredns.me"; dns.query; content:"dns.futuredns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2376, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bayas.dev"; dns.query; content:"dns.bayas.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2430, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hafidzradhival.my.id"; dns.query; content:"dns.hafidzradhival.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2431, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.qquack.org"; dns.query; content:"ns1.qquack.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2432, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-ny-alula.heliumcloud.cc"; dns.query; content:"us-ny-alula.heliumcloud.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2434, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cybershell.xyz"; dns.query; content:"dns.cybershell.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2471, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lsho.top"; dns.query; content:"dns.lsho.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2472, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.unstoppable.io"; dns.query; content:"resolver.unstoppable.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2473, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.velyn.my.id"; dns.query; content:"doh.velyn.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2474, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.flodns.net"; dns.query; content:"ns2.flodns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2480, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hotta.page"; dns.query; content:"dns.hotta.page"; nocase; fast_pattern; classtype:bad-unknown; sid:27990724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2481, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for free.shecan.ir"; dns.query; content:"free.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2482, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stevenz.net"; dns.query; content:"dns.stevenz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2483, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chromeina.top"; dns.query; content:"dns.chromeina.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27990727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2484, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpdns.cola16.app"; dns.query; content:"jpdns.cola16.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27990728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2485, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.datacore.ch"; dns.query; content:"doh.datacore.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27990729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2486, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-primary-pool.detoxifypornblocker.com"; dns.query; content:"doh-primary-pool.detoxifypornblocker.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2487, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca01.dns4me.net"; dns.query; content:"ca01.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2488, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca02.dns4me.net"; dns.query; content:"ca02.dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2489, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.frank-ruan.com"; dns.query; content:"dns.frank-ruan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2490, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-primary-pool.goodbyegambling.com"; dns.query; content:"doh-primary-pool.goodbyegambling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2491, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.haneulo.com"; dns.query; content:"adguard.haneulo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2492, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.hottis.de"; dns.query; content:"doh.hottis.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2493, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.buzz"; dns.query; content:"doh.buzz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2494, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.beauty"; dns.query; content:"doh.beauty"; nocase; fast_pattern; classtype:bad-unknown; sid:27990738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2495, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.killtw.im"; dns.query; content:"doh.killtw.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2496, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.meeo.win"; dns.query; content:"dns.meeo.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2497, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nala.ru"; dns.query; content:"doh.nala.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2498, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nhtsky.com"; dns.query; content:"dns.nhtsky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2499, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr1.ooroot.com"; dns.query; content:"kr1.ooroot.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2500, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.gcp.pathofgrace.com"; dns.query; content:"doh.gcp.pathofgrace.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2501, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pyry.me"; dns.query; content:"doh.pyry.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2502, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shecan.ir"; dns.query; content:"dns.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2503, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pro.shecan.ir"; dns.query; content:"pro.shecan.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2504, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.zachitect.com"; dns.query; content:"adguard.zachitect.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2505, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aa4.co.uk"; dns.query; content:"adguard.aa4.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2532, updated_at 2022_12_14;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cloudmini.net"; dns.query; content:"adguard.cloudmini.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2533, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.justinnetworkingsolutions.com"; dns.query; content:"dns.justinnetworkingsolutions.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2534, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.theres.one"; dns.query; content:"dns.theres.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2535, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.turker.info"; dns.query; content:"adguard-dns.turker.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2536, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-ironhide.ultima-thule.ru"; dns.query; content:"adguard-ironhide.ultima-thule.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2537, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wirimij.nl"; dns.query; content:"adguard.wirimij.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2538, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-kartoffel.zernico.de"; dns.query; content:"adguard-kartoffel.zernico.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2539, updated_at 2023_01_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-server.cf"; dns.query; content:"adguard-server.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2540, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ye.167g.com"; dns.query; content:"ye.167g.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2542, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oraclejp2.chungyu.com"; dns.query; content:"oraclejp2.chungyu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2543, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.dlinkddns.com"; dns.query; content:"home.dlinkddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2544, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tecmood.com"; dns.query; content:"dns.tecmood.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2546, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.xiaoniaoyou.com"; dns.query; content:"adguard.xiaoniaoyou.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2547, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.do"; dns.query; content:"mydns.do"; nocase; fast_pattern; classtype:bad-unknown; sid:27990763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2549, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.mydns.do"; dns.query; content:"www.mydns.do"; nocase; fast_pattern; classtype:bad-unknown; sid:27990764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2550, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for diplo.es"; dns.query; content:"diplo.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27990765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2551, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns02.almir1904.eu"; dns.query; content:"dns02.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2552, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1a.ns.ozer.im"; dns.query; content:"1a.ns.ozer.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2553, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ihatemy.live"; dns.query; content:"adguard.ihatemy.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27990768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2555, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.hjk.me"; dns.query; content:"ns2.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2556, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.josephyap.me"; dns.query; content:"adguard.josephyap.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2557, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.myddns.me"; dns.query; content:"adguard.myddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2558, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.radityaharya.me"; dns.query; content:"dns.radityaharya.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2559, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.timboeh.me"; dns.query; content:"dns.timboeh.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2560, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.besoon.ml"; dns.query; content:"dns.besoon.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2561, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kent6.ajaest.net"; dns.query; content:"adguard.kent6.ajaest.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2562, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neilawsag.ddns.net"; dns.query; content:"neilawsag.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2564, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lege.despagne.net"; dns.query; content:"adguard.lege.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2565, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ie-dub-w-1.nashkan.net"; dns.query; content:"ie-dub-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2566, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edgar.tobkar.net"; dns.query; content:"edgar.tobkar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2567, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad1guard.duckdns.org"; dns.query; content:"ad1guard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2570, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drovosekov.duckdns.org"; dns.query; content:"drovosekov.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2571, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home27.duckdns.org"; dns.query; content:"home27.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2572, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mikeliu.org"; dns.query; content:"dns.mikeliu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2573, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odcold.ru"; dns.query; content:"odcold.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2574, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for timeadc.ru"; dns.query; content:"timeadc.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2575, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cytrynowepole.tk"; dns.query; content:"cytrynowepole.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2577, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.djay.tk"; dns.query; content:"adguard.djay.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2578, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kendentil.org.uk"; dns.query; content:"kendentil.org.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2580, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.razor1911.xyz"; dns.query; content:"dns.razor1911.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2581, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.atakorah.com"; dns.query; content:"adguardhome.atakorah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2582, updated_at 2023_01_23;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsdoh.art"; dns.query; content:"dnsdoh.art"; nocase; fast_pattern; classtype:bad-unknown; sid:27990791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2583, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 71c4dec2.d.adguard-dns.com"; dns.query; content:"71c4dec2.d.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2584, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns4all.eu"; dns.query; content:"doh.dns4all.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2586, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oceanprint.com.br"; dns.query; content:"dns.oceanprint.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27990794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2587, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgh.skyview.click"; dns.query; content:"adgh.skyview.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27990795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2588, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dawnings.cn"; dns.query; content:"www.dawnings.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2589, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.apollohct.com"; dns.query; content:"ag.apollohct.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2590, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgs02.just-a-web.com"; dns.query; content:"sgs02.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2591, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surobe.com"; dns.query; content:"dns.surobe.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2592, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.avc.cx"; dns.query; content:"vps.avc.cx"; nocase; fast_pattern; classtype:bad-unknown; sid:27990800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2593, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jabber-server.de"; dns.query; content:"jabber-server.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2594, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolv.srv-pro.de"; dns.query; content:"resolv.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2595, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.nick85.eu"; dns.query; content:"dns1.nick85.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2596, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-sv-my01.aucnier.my.id"; dns.query; content:"dns-sv-my01.aucnier.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2597, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id-one.aucnier.my.id"; dns.query; content:"id-one.aucnier.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2598, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vdl.io"; dns.query; content:"dns.vdl.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2599, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bluemood.me"; dns.query; content:"bluemood.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2600, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c6.ownvps.ml"; dns.query; content:"c6.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2601, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.3dcapitaltrust.net"; dns.query; content:"dns.3dcapitaltrust.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2602, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-2.nashkan.net"; dns.query; content:"us-chi-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2603, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for visitoid.online"; dns.query; content:"visitoid.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2604, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ghost.pm"; dns.query; content:"dns.ghost.pm"; nocase; fast_pattern; classtype:bad-unknown; sid:27990812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2605, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nn7.pw"; dns.query; content:"adguard.nn7.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2606, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de.proshvip.space"; dns.query; content:"de.proshvip.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27990814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2607, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ray1.wewa.work"; dns.query; content:"ray1.wewa.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27990815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2608, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for az2q.xyz"; dns.query; content:"az2q.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2609, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.az2q.xyz"; dns.query; content:"www.az2q.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2610, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.ff0x.ca"; dns.query; content:"ag.ff0x.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27990818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2611, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blockads.cf"; dns.query; content:"blockads.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2612, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ux.go20.cf"; dns.query; content:"ux.go20.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2613, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skww726.cf"; dns.query; content:"skww726.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27990821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2614, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noads.cloud"; dns.query; content:"noads.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2615, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xinwujiang.cn"; dns.query; content:"dns.xinwujiang.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2616, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adrianlam.com"; dns.query; content:"dns.adrianlam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2617, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudseriousshit.com"; dns.query; content:"cloudseriousshit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2618, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.eajtech.com"; dns.query; content:"dns01.eajtech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2619, updated_at 2022_12_31;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for garage.jjlizz.com"; dns.query; content:"garage.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2620, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for karimdns.com"; dns.query; content:"karimdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2621, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for powercloud.myasustor.com"; dns.query; content:"powercloud.myasustor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2622, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.qenisis.com"; dns.query; content:"adguard.qenisis.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2623, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-east.tylerwahl.com"; dns.query; content:"dns-east.tylerwahl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2624, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for typaza.com"; dns.query; content:"typaza.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2625, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ondrejsramek.cz"; dns.query; content:"adguard.ondrejsramek.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2626, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.qooqle.date"; dns.query; content:"dot.qooqle.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27990834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2627, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chriskutschker.de"; dns.query; content:"chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2628, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.chriskutschker.de"; dns.query; content:"adguard.chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2629, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.adguard.chriskutschker.de"; dns.query; content:"www.adguard.chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2630, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nxtcld.chriskutschker.de"; dns.query; content:"nxtcld.chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2631, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.chriskutschker.de"; dns.query; content:"www.chriskutschker.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2632, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-enzel.de"; dns.query; content:"dns-enzel.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2633, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for project-evoex.de"; dns.query; content:"project-evoex.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2634, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.psociety.de"; dns.query; content:"dns.psociety.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2635, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.siry.de"; dns.query; content:"dns.siry.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2636, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.avdkishore.dev"; dns.query; content:"adguard.avdkishore.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2637, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.azcom.dev"; dns.query; content:"dns.azcom.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2638, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kr.chavy.dev"; dns.query; content:"dns.kr.chavy.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2639, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kashall.dev"; dns.query; content:"dns.kashall.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27990847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2640, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for genscorp.es"; dns.query; content:"genscorp.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27990848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2641, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 51-159-64-28.rev.poneytelecom.eu"; dns.query; content:"51-159-64-28.rev.poneytelecom.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2642, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.serverhostig.eu"; dns.query; content:"adguard.serverhostig.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2643, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.harvester.fr"; dns.query; content:"dns.harvester.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2644, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pouifamily.fr"; dns.query; content:"adguard.pouifamily.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2645, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qkc.fr"; dns.query; content:"dns.qkc.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2646, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardh.ga"; dns.query; content:"adguardh.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27990854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2647, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for newconnect.ga"; dns.query; content:"newconnect.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27990855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2648, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.unima.ac.id"; dns.query; content:"adguard2.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2649, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for open-resolver1.unima.ac.id"; dns.query; content:"open-resolver1.unima.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2650, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.spil.co.id"; dns.query; content:"dns.spil.co.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2651, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oii.im"; dns.query; content:"dns.oii.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27990859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2652, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.harrache.info"; dns.query; content:"dns.harrache.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2653, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unx.io"; dns.query; content:"dns.unx.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27990861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2654, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jungle-im.ir"; dns.query; content:"dns.jungle-im.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27990862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2655, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.afna.link"; dns.query; content:"doh.afna.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27990863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2656, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yair.link"; dns.query; content:"yair.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27990864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2657, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.shimul.me"; dns.query; content:"dns.shimul.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2658, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arches-srv1.8ws.net"; dns.query; content:"arches-srv1.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2659, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arches-srv2.8ws.net"; dns.query; content:"arches-srv2.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2660, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outie.8ws.net"; dns.query; content:"outie.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2661, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for outiejr.8ws.net"; dns.query; content:"outiejr.8ws.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2662, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ambiya.net"; dns.query; content:"adguard.ambiya.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2663, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-tls.chamberirc.net"; dns.query; content:"dns-tls.chamberirc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2664, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudlnk.net"; dns.query; content:"dns.cloudlnk.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2665, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leochen-dns.ddns.net"; dns.query; content:"leochen-dns.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2666, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sradminfk.ddns.net"; dns.query; content:"sradminfk.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2667, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps1.jnraptor.net"; dns.query; content:"vps1.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2668, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads-eu.landgame.net"; dns.query; content:"ads-eu.landgame.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2669, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for id-pon-w-1.nashkan.net"; dns.query; content:"id-pon-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2670, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ps-tel-w-2.nashkan.net"; dns.query; content:"ps-tel-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2671, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tr-izm-w-1.nashkan.net"; dns.query; content:"tr-izm-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2672, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-den-w-1.nashkan.net"; dns.query; content:"us-den-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2673, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serbri.net"; dns.query; content:"serbri.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2674, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.herkhof.nl"; dns.query; content:"dns.herkhof.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2675, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.forst.one"; dns.query; content:"adguard.forst.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2676, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hakim.one"; dns.query; content:"dns.hakim.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2677, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.hakim.one"; dns.query; content:"dns2.hakim.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2678, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mitron.one"; dns.query; content:"mitron.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2679, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.mitron.one"; dns.query; content:"www.mitron.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2680, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnscity.org"; dns.query; content:"dnscity.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2681, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o--o.duckdns.org"; dns.query; content:"o--o.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2682, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tungdnsne.duckdns.org"; dns.query; content:"tungdnsne.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2683, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tylda.duckdns.org"; dns.query; content:"tylda.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2684, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for davidzeh.eu.org"; dns.query; content:"davidzeh.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2685, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.sunday.eu.org"; dns.query; content:"a.sunday.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2686, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for itlikehell.ru"; dns.query; content:"itlikehell.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2687, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.oms-ctr.ru"; dns.query; content:"adguard.oms-ctr.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2688, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for visitoid.ru"; dns.query; content:"visitoid.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2689, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn-for-test.ru"; dns.query; content:"vpn-for-test.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2690, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.youroute.ru"; dns.query; content:"adguard.youroute.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2691, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for debbix.site"; dns.query; content:"debbix.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27990899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2692, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.vegann.space"; dns.query; content:"adguard.vegann.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27990900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2693, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muc-ns02.ibytex.systems"; dns.query; content:"muc-ns02.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27990901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2694, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.muc-ns02.ibytex.systems"; dns.query; content:"www.muc-ns02.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27990902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2695, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for duyyen.tk"; dns.query; content:"duyyen.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2696, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.tk"; dns.query; content:"ychen.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2697, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frontpace.co.uk"; dns.query; content:"frontpace.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27990905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2698, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.n3120.wang"; dns.query; content:"dns1.n3120.wang"; nocase; fast_pattern; classtype:bad-unknown; sid:27990906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2699, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sscw.win"; dns.query; content:"adguard.sscw.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27990907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2700, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for protectify.work"; dns.query; content:"protectify.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27990908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2701, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.68360612.xyz"; dns.query; content:"jp.68360612.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2702, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cays.eyecay.xyz"; dns.query; content:"cays.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2703, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itcz.xyz"; dns.query; content:"dns.itcz.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2704, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tlz.asia"; dns.query; content:"dns.tlz.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27990912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2706, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nxa.21.ax"; dns.query; content:"nxa.21.ax"; nocase; fast_pattern; classtype:bad-unknown; sid:27990913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2707, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for firewall.darknet.bg"; dns.query; content:"firewall.darknet.bg"; nocase; fast_pattern; classtype:bad-unknown; sid:27990914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2708, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aminetwork.biz"; dns.query; content:"adguard.aminetwork.biz"; nocase; fast_pattern; classtype:bad-unknown; sid:27990915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2709, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neta.a-desg.cc"; dns.query; content:"neta.a-desg.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27990916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2710, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dessoi.cloud"; dns.query; content:"adguard.dessoi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27990917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2711, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lsxnb.cn"; dns.query; content:"dns.lsxnb.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27990918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2712, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.5ososea.com"; dns.query; content:"kids.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2713, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sradg.eastus.cloudapp.azure.com"; dns.query; content:"sradg.eastus.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2714, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.carson-family.com"; dns.query; content:"dns.carson-family.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2715, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.esegece.com"; dns.query; content:"dns.esegece.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2716, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-family.esegece.com"; dns.query; content:"dns-family.esegece.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2717, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for astana.geekgalaxy.com"; dns.query; content:"astana.geekgalaxy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2718, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.grussenmeyer.com"; dns.query; content:"vps.grussenmeyer.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2719, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.k0rap.com"; dns.query; content:"adguard.k0rap.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2720, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.koodeau.com"; dns.query; content:"dns.koodeau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2721, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp3.meidouling.com"; dns.query; content:"jp3.meidouling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2722, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.simulhost.com"; dns.query; content:"dns.simulhost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2723, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.simulhost.com"; dns.query; content:"www.dns.simulhost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2724, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.surfbelow.com"; dns.query; content:"www.surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2725, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trapdns.com"; dns.query; content:"trapdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2726, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.xryen.com"; dns.query; content:"dns.xryen.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27990933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2727, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.hm3.day"; dns.query; content:"jp.hm3.day"; nocase; fast_pattern; classtype:bad-unknown; sid:27990934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2728, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.1xyz.de"; dns.query; content:"dns.1xyz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2729, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for florian-reichelt.de"; dns.query; content:"florian-reichelt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2730, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.mcasviper.de"; dns.query; content:"doh.mcasviper.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27990937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2731, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lunet.design"; dns.query; content:"dns.lunet.design"; nocase; fast_pattern; classtype:bad-unknown; sid:27990938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2732, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-fw2.sa-sa.eu"; dns.query; content:"dns-fw2.sa-sa.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2733, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.skrep.eu"; dns.query; content:"dns.skrep.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2734, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.xn--wosk-tya9k.eu"; dns.query; content:"dot.xn--wosk-tya9k.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27990941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2735, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.connect.fail"; dns.query; content:"dns.connect.fail"; nocase; fast_pattern; classtype:bad-unknown; sid:27990942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2736, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zarchbox.fr"; dns.query; content:"dns.zarchbox.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27990943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2737, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dupatruwi22.fun"; dns.query; content:"dupatruwi22.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2738, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dupatruwi22.fun"; dns.query; content:"www.dupatruwi22.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27990945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2739, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.kirmanak.gq"; dns.query; content:"adguardhome.kirmanak.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27990946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2740, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gnb09.id"; dns.query; content:"dns.gnb09.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27990947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2741, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d365.in"; dns.query; content:"dns.d365.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2742, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.nods.in"; dns.query; content:"adg.nods.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27990949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2743, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amz.long-nguyen.info"; dns.query; content:"amz.long-nguyen.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2744, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.wagno.info"; dns.query; content:"ns1.wagno.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27990951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2745, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eliatofani.it"; dns.query; content:"dns.eliatofani.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2746, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spiderman.cust.nexific.it"; dns.query; content:"spiderman.cust.nexific.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2747, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1-secure.wifire.it"; dns.query; content:"dns1-secure.wifire.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27990954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2748, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.e2ee.li"; dns.query; content:"dns1.e2ee.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27990955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2749, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chriscsc.me"; dns.query; content:"dns.chriscsc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2750, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-home.myddns.me"; dns.query; content:"adguard-home.myddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27990957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2751, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kufei.ml"; dns.query; content:"kufei.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2752, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lfac.ml"; dns.query; content:"dns.lfac.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2753, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surt.ml"; dns.query; content:"surt.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27990960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2754, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.blissdns.net"; dns.query; content:"us1.blissdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2755, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wanam.ddns.net"; dns.query; content:"wanam.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2756, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for faradns.net"; dns.query; content:"faradns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2757, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-1.nashkan.net"; dns.query; content:"de-fsn-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2758, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-9.nashkan.net"; dns.query; content:"de-fsn-w-9.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2759, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ua-kyv-w-1.nashkan.net"; dns.query; content:"ua-kyv-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2760, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for creal.sytes.net"; dns.query; content:"creal.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2761, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myagh.viewdns.net"; dns.query; content:"myagh.viewdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27990968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2762, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b33.network"; dns.query; content:"dns.b33.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27990969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2763, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dutchwhite.nl"; dns.query; content:"dns.dutchwhite.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2764, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pragmasec.nl"; dns.query; content:"dns.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2765, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.pragmasec.nl"; dns.query; content:"doh.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2766, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.pragmasec.nl"; dns.query; content:"dot.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2767, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for imap.pragmasec.nl"; dns.query; content:"imap.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2768, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.pragmasec.nl"; dns.query; content:"mail.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2769, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.pragmasec.nl"; dns.query; content:"server.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2770, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for smtp.pragmasec.nl"; dns.query; content:"smtp.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2771, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webmail.pragmasec.nl"; dns.query; content:"webmail.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2772, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webmeel.pragmasec.nl"; dns.query; content:"webmeel.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2773, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rowdyengeesje.nl"; dns.query; content:"adguard.rowdyengeesje.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27990980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2774, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nafni.one"; dns.query; content:"nafni.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2775, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for the.nafni.one"; dns.query; content:"the.nafni.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27990982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2776, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.apigw.online"; dns.query; content:"dns.apigw.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2777, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dieucq.online"; dns.query; content:"dieucq.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27990984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2778, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goitoi.duckdns.org"; dns.query; content:"goitoi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2779, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kiwifunke.duckdns.org"; dns.query; content:"kiwifunke.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2780, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olivier-adguard.duckdns.org"; dns.query; content:"olivier-adguard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2781, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x-o-x.duckdns.org"; dns.query; content:"x-o-x.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2782, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg2.tt502.eu.org"; dns.query; content:"sg2.tt502.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2783, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leo.z0p.org"; dns.query; content:"leo.z0p.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27990990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2784, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for levislondon-proxy.nerdpol.ovh"; dns.query; content:"levislondon-proxy.nerdpol.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27990991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2785, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.x11.pw"; dns.query; content:"dns.x11.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27990992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2786, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dergun.quest"; dns.query; content:"dergun.quest"; nocase; fast_pattern; classtype:bad-unknown; sid:27990993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2787, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eweyo.ru"; dns.query; content:"eweyo.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2788, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.eweyo.ru"; dns.query; content:"www.eweyo.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2789, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ga3inur.ru"; dns.query; content:"ga3inur.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2790, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ga3inur.ru"; dns.query; content:"www.ga3inur.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2791, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.geshido.ru"; dns.query; content:"vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2792, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for geshido.vpn.geshido.ru"; dns.query; content:"geshido.vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27990999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2793, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roma.vpn.geshido.ru"; dns.query; content:"roma.vpn.geshido.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2794, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wir.rbs-net.ru"; dns.query; content:"wir.rbs-net.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2795, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ssdns.ru"; dns.query; content:"ssdns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2796, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nnet.services"; dns.query; content:"dns.nnet.services"; nocase; fast_pattern; classtype:bad-unknown; sid:27991003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2797, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn-tw.teng.sh"; dns.query; content:"vpn-tw.teng.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2798, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.1833015459.site"; dns.query; content:"dns.1833015459.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2799, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cynntex.site"; dns.query; content:"cynntex.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2800, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.b33.space"; dns.query; content:"dns.b33.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2801, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for b5lwtlgyqyly1typvyshftccwxuhk3zq.space"; dns.query; content:"b5lwtlgyqyly1typvyshftccwxuhk3zq.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2802, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns.jpr.space"; dns.query; content:"addns.jpr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2803, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns01.lflemming.space"; dns.query; content:"ns01.lflemming.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2804, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lightmaster.space"; dns.query; content:"dns.lightmaster.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2805, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for valis.sx"; dns.query; content:"valis.sx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2806, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brian-hong.tech"; dns.query; content:"dns.brian-hong.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2807, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.asf1992labs.tk"; dns.query; content:"dns.asf1992labs.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2808, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.f7b6h9.tk"; dns.query; content:"home.f7b6h9.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2809, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lf-ns-001.my.to"; dns.query; content:"lf-ns-001.my.to"; nocase; fast_pattern; classtype:bad-unknown; sid:27991016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2810, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hjh2007.top"; dns.query; content:"dns.hjh2007.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2811, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myweiqi.top"; dns.query; content:"myweiqi.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2812, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yyaan.top"; dns.query; content:"yyaan.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2813, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qaz.tw"; dns.query; content:"qaz.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2814, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zetland.rm-ni.uk"; dns.query; content:"zetland.rm-ni.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2815, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xn--80aecoigf4aatn.xn--p1ai"; dns.query; content:"xn--80aecoigf4aatn.xn--p1ai"; nocase; fast_pattern; classtype:bad-unknown; sid:27991022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2816, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t3c.240130034.xyz"; dns.query; content:"t3c.240130034.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2817, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tj.jamesxue.xyz"; dns.query; content:"tj.jamesxue.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2818, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aws.razor1911.xyz"; dns.query; content:"aws.razor1911.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2819, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for telex.app"; dns.query; content:"telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2820, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mulu.at"; dns.query; content:"adguard.mulu.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2821, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.mulu.at"; dns.query; content:"pihole.mulu.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2822, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chuppa.com.au"; dns.query; content:"dns.chuppa.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2823, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vm.mytm.cc"; dns.query; content:"vm.mytm.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2824, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.sas-wres.cc"; dns.query; content:"dns3.sas-wres.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2825, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns168.zhhz.cc"; dns.query; content:"dns168.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2826, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bluemeda.cf"; dns.query; content:"dns.bluemeda.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2827, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.muxinghe.cn"; dns.query; content:"dns.muxinghe.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2828, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tipsy.coffee"; dns.query; content:"dns.tipsy.coffee"; nocase; fast_pattern; classtype:bad-unknown; sid:27991035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2829, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.5ososea.com"; dns.query; content:"dns.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2830, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cedricreitz.com"; dns.query; content:"cedricreitz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2831, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for colesdns.com"; dns.query; content:"colesdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2832, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.davidruhmann.com"; dns.query; content:"dns.davidruhmann.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2833, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dlcea.com"; dns.query; content:"dlcea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2834, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usdedi.ecapsul.com"; dns.query; content:"usdedi.ecapsul.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2835, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for promsdns.com"; dns.query; content:"promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2836, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for autodiscover.promsdns.com"; dns.query; content:"autodiscover.promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2837, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.promsdns.com"; dns.query; content:"mail.promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2838, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for owa.promsdns.com"; dns.query; content:"owa.promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2839, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.promsdns.com"; dns.query; content:"www.promsdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2840, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r1bnc.com"; dns.query; content:"r1bnc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2841, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve.srv-pro.de"; dns.query; content:"resolve.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2842, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.malwarelul.download"; dns.query; content:"dns.malwarelul.download"; nocase; fast_pattern; classtype:bad-unknown; sid:27991049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2843, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns03.almir1904.eu"; dns.query; content:"dns03.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2844, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh3.almir1904.eu"; dns.query; content:"doh3.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2845, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unasw.eu"; dns.query; content:"unasw.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2846, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.unasw.eu"; dns.query; content:"www.unasw.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2847, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.req1.fr"; dns.query; content:"dns.req1.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2848, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.kapuyhome.hu"; dns.query; content:"adguard1.kapuyhome.hu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2849, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anggityuls.my.id"; dns.query; content:"anggityuls.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2850, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.junacell.my.id"; dns.query; content:"adblock.junacell.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2851, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ads.x88.in"; dns.query; content:"ads.x88.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2852, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kcolspacrm.ir"; dns.query; content:"kcolspacrm.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2853, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.geili.me"; dns.query; content:"adg.geili.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2854, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myadguardhome.me"; dns.query; content:"myadguardhome.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2855, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.myadguardhome.me"; dns.query; content:"www.myadguardhome.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2856, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bcandrade.ml"; dns.query; content:"bcandrade.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2857, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stvsk.ml"; dns.query; content:"dns.stvsk.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2858, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kinnee.net"; dns.query; content:"adguard.kinnee.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2859, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for it-pal-w-1.nashkan.net"; dns.query; content:"it-pal-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2860, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for se-sto-w-1.nashkan.net"; dns.query; content:"se-sto-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2861, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-den-w-2.nashkan.net"; dns.query; content:"us-den-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2862, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tkhome.nl"; dns.query; content:"dns.tkhome.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2863, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.inf.nu"; dns.query; content:"dns.inf.nu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2864, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.niub.one"; dns.query; content:"dns1.niub.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2865, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdzopi.duckdns.org"; dns.query; content:"cdzopi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2866, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.adblocker.eu.org"; dns.query; content:"dns2.adblocker.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2867, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for r1bnc.eu.org"; dns.query; content:"r1bnc.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2868, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au.teradns.org"; dns.query; content:"au.teradns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2869, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pw1602.pl"; dns.query; content:"adguard.pw1602.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2870, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nilanjan.rocks"; dns.query; content:"nilanjan.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27991077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2871, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.nilanjan.rocks"; dns.query; content:"www.nilanjan.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27991078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2872, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nas-server.ru"; dns.query; content:"dns.nas-server.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2873, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yario.ru"; dns.query; content:"yario.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2874, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.yario.ru"; dns.query; content:"www.yario.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2875, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for banhbaothiu.site"; dns.query; content:"banhbaothiu.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2876, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rameshsoma.tech"; dns.query; content:"adguard.rameshsoma.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2877, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bigart-dns.tk"; dns.query; content:"bigart-dns.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2878, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard-linodefree.tk"; dns.query; content:"guard-linodefree.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2879, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for t2c.240130034.xyz"; dns.query; content:"t2c.240130034.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2880, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.295652400.xyz"; dns.query; content:"www.295652400.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2881, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.886886886.xyz"; dns.query; content:"dns.886886886.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2882, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.luoxi.xyz"; dns.query; content:"doh.luoxi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2883, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.mezha.xyz"; dns.query; content:"vpn.mezha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2884, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.vpn.mezha.xyz"; dns.query; content:"www.vpn.mezha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2885, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jjm.asia"; dns.query; content:"jjm.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2886, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jimirobaer.be"; dns.query; content:"dns.jimirobaer.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27991093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2887, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.sas-wres.cc"; dns.query; content:"dns2.sas-wres.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2888, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wccw.cc"; dns.query; content:"wccw.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2889, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tokyo.cricoin.cf"; dns.query; content:"tokyo.cricoin.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2890, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.felipe.cloud"; dns.query; content:"dns.felipe.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2891, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.yatesfamily.cloud"; dns.query; content:"secure.yatesfamily.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2892, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.andreykiv.com"; dns.query; content:"dns.andreykiv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2893, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.catrone3.com"; dns.query; content:"adguard.catrone3.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2894, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dionperera.com"; dns.query; content:"dns.dionperera.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2895, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gclouddns.com"; dns.query; content:"gclouddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2896, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.laurenlaufman.com"; dns.query; content:"adguard.laurenlaufman.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2897, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maku-tech.com"; dns.query; content:"maku-tech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2898, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.meidouling.com"; dns.query; content:"hk.meidouling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2899, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nzcow.com"; dns.query; content:"dns.nzcow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2900, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thanos.pleumkungz.com"; dns.query; content:"thanos.pleumkungz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2901, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for torettohome.com"; dns.query; content:"torettohome.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2902, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wantaquddin.com"; dns.query; content:"wantaquddin.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2903, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.luan.contact"; dns.query; content:"dns1.luan.contact"; nocase; fast_pattern; classtype:bad-unknown; sid:27991110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2904, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alpha-dns.de"; dns.query; content:"alpha-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2905, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.alpha-dns.de"; dns.query; content:"www.alpha-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2906, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcornet.freeboxos.fr"; dns.query; content:"pcornet.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2907, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.koshonsa.fr"; dns.query; content:"adguard.koshonsa.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2908, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roc.net.sys.of.icu"; dns.query; content:"roc.net.sys.of.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2909, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.apemlegit.my.id"; dns.query; content:"d.apemlegit.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2910, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-sv-id01.aucnier.my.id"; dns.query; content:"dns-sv-id01.aucnier.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2911, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.gms.net.id"; dns.query; content:"dns2.gms.net.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2912, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dub.r.rnet.ie"; dns.query; content:"dub.r.rnet.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27991119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2913, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.technovus.in"; dns.query; content:"adblock.technovus.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2914, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.isteal.info"; dns.query; content:"dns.isteal.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2915, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lops.lol"; dns.query; content:"lops.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27991122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2916, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for toaster.lol"; dns.query; content:"toaster.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27991123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2917, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sink.nolo.ltd"; dns.query; content:"sink.nolo.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2918, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns53.dipen.me"; dns.query; content:"dns53.dipen.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2919, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dscloud.me"; dns.query; content:"doh.dscloud.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2920, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dgca.myds.me"; dns.query; content:"dgca.myds.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2921, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.noad.me"; dns.query; content:"dns.noad.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2922, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.redroot.me"; dns.query; content:"dns.redroot.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2923, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for airmaxcloud.ml"; dns.query; content:"airmaxcloud.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2924, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rml.mobi"; dns.query; content:"rml.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27991131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2925, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adguard.kozich.net"; dns.query; content:"dns.adguard.kozich.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2926, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.kreonet.net"; dns.query; content:"adns.kreonet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2927, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-2.nashkan.net"; dns.query; content:"de-fsn-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2928, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for streltsov.net"; dns.query; content:"streltsov.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2929, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.streltsov.net"; dns.query; content:"www.streltsov.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2930, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.niub.one"; dns.query; content:"dns2.niub.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2931, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jatadguardhome.duckdns.org"; dns.query; content:"jatadguardhome.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2932, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sgpcloud.duckdns.org"; dns.query; content:"sgpcloud.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2933, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tw2.duckdns.org"; dns.query; content:"tw2.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2934, updated_at 2022_12_17;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh-dns.hoover.eu.org"; dns.query; content:"doh-dns.hoover.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2935, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.frankslabs.org"; dns.query; content:"dns.frankslabs.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2936, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-passage.9273082020.ru"; dns.query; content:"de-passage.9273082020.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2937, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.randomaizer.lentel.ru"; dns.query; content:"adguard.randomaizer.lentel.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2938, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jaye.sh"; dns.query; content:"jaye.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2939, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stream.securely.sh"; dns.query; content:"stream.securely.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2940, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arespctw.tk"; dns.query; content:"arespctw.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2941, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jupiter1013.tk"; dns.query; content:"jupiter1013.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2942, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for trojan.nowave.top"; dns.query; content:"trojan.nowave.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2943, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.marcbond.uk"; dns.query; content:"dns.marcbond.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2944, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 16112021.xyz"; dns.query; content:"16112021.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2945, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hole.elbschloss.xyz"; dns.query; content:"hole.elbschloss.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2946, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for roboticsbenchmarking.xyz"; dns.query; content:"roboticsbenchmarking.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2947, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for in-dns.sanselva.xyz"; dns.query; content:"in-dns.sanselva.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2948, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ublock-dns-resolver-02.northeurope.cloudapp.azure.com"; dns.query; content:"ublock-dns-resolver-02.northeurope.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2949, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for disbish.com"; dns.query; content:"disbish.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2950, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hostedadguard.greatharts.com"; dns.query; content:"hostedadguard.greatharts.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2951, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hakutakucn.com"; dns.query; content:"dns.hakutakucn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2952, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.imaicool.com"; dns.query; content:"dns.imaicool.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2953, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd.loukky.com"; dns.query; content:"ddd.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2954, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mikewaddick.com"; dns.query; content:"mikewaddick.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2955, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for walker.mynetgear.com"; dns.query; content:"walker.mynetgear.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2956, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for prvt-room.com"; dns.query; content:"prvt-room.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2957, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3krkr.tonedtanya.com"; dns.query; content:"3krkr.tonedtanya.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2958, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.betamax65.de"; dns.query; content:"adguard.betamax65.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2959, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myhottiemama.de"; dns.query; content:"myhottiemama.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2960, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sbdns.co.in"; dns.query; content:"sbdns.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2961, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.bruckmoser.it"; dns.query; content:"home.bruckmoser.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2962, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gusdns.ddns.me"; dns.query; content:"gusdns.ddns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2963, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.pakuchi-tree.ml"; dns.query; content:"dns.pakuchi-tree.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2964, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.luotianyi.net"; dns.query; content:"dns.luotianyi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2965, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.norgan.net"; dns.query; content:"dns.norgan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2966, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ginnungagap.rabenhain.net"; dns.query; content:"ginnungagap.rabenhain.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2967, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tomitomix.net"; dns.query; content:"dns.tomitomix.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2968, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2dns.duckdns.org"; dns.query; content:"2dns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2969, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dmr.pw"; dns.query; content:"dns.dmr.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2970, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ar777trg.tech"; dns.query; content:"adguard.ar777trg.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2971, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chinh.tk"; dns.query; content:"dns.chinh.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2972, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-dns.cattery.work"; dns.query; content:"hk-dns.cattery.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2973, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.linkr.ninja"; dns.query; content:"dns.linkr.ninja"; nocase; fast_pattern; classtype:bad-unknown; sid:27991180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2975, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d4d.moe"; dns.query; content:"dns.d4d.moe"; nocase; fast_pattern; classtype:bad-unknown; sid:27991181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2976, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ha-dvin.pp.ua"; dns.query; content:"dns.ha-dvin.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2977, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ihctw.synology.me"; dns.query; content:"ihctw.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2978, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.invisv.com"; dns.query; content:"dns.invisv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2979, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shuting.idv.tw"; dns.query; content:"adguard.shuting.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2981, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.southam.family"; dns.query; content:"doh.southam.family"; nocase; fast_pattern; classtype:bad-unknown; sid:27991186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2982, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.youni.win"; dns.query; content:"dns.youni.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2983, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.zephyrus.id"; dns.query; content:"doh.zephyrus.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2984, updated_at 2023_01_07;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.familiamichels.com.br"; dns.query; content:"dns.familiamichels.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2993, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-ext.familiamichels.com.br"; dns.query; content:"dns-ext.familiamichels.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2994, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2poi.com"; dns.query; content:"dns.2poi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2995, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bluestarnc.com"; dns.query; content:"dns.bluestarnc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2996, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gusald.com"; dns.query; content:"gusald.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2997, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nguyendn.com"; dns.query; content:"dns.nguyendn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2999, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.nzcow.com"; dns.query; content:"dns2.nzcow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3000, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tycholaz.com"; dns.query; content:"dns.tycholaz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3001, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atlantic.dyn1.de"; dns.query; content:"atlantic.dyn1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3002, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for onlyaltf4.de"; dns.query; content:"onlyaltf4.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3003, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.piriot.de"; dns.query; content:"dns.piriot.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3004, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shalenkov.dev"; dns.query; content:"shalenkov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3005, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vasaweb.eu"; dns.query; content:"dns.vasaweb.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3006, updated_at 2022_12_20;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.spok.fun"; dns.query; content:"dns.spok.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3008, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.anir0y.in"; dns.query; content:"dot.anir0y.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3010, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for findmethedns.info"; dns.query; content:"findmethedns.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3011, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lorc17-dns.komeho.info"; dns.query; content:"lorc17-dns.komeho.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3012, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for intertop.link"; dns.query; content:"intertop.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3013, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for notgoogle.mobi"; dns.query; content:"notgoogle.mobi"; nocase; fast_pattern; classtype:bad-unknown; sid:27991207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3015, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.1899.com.mx"; dns.query; content:"ns1.1899.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3016, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cvt-ic-us-adns-001.clearviewtechnology.net"; dns.query; content:"cvt-ic-us-adns-001.clearviewtechnology.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3017, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas302.ddns.net"; dns.query; content:"nas302.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3018, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for premiumtier-network.instadart.net"; dns.query; content:"premiumtier-network.instadart.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3019, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-12.nashkan.net"; dns.query; content:"de-fsn-w-12.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3020, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-nue-w-1.nashkan.net"; dns.query; content:"de-nue-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3021, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ofdoom.net"; dns.query; content:"dns.ofdoom.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3022, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-i-5.tegant.net"; dns.query; content:"de-fsn-i-5.tegant.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3023, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for waguns.net"; dns.query; content:"waguns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3024, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns9999.duckdns.org"; dns.query; content:"dns9999.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3025, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privado.ovh"; dns.query; content:"dns.privado.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3026, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1dx.ru"; dns.query; content:"1dx.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3027, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-adguard.ru"; dns.query; content:"dns-adguard.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3028, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for elshad-adgh-dns.ru"; dns.query; content:"elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3029, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for autodiscover.elshad-adgh-dns.ru"; dns.query; content:"autodiscover.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3030, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.elshad-adgh-dns.ru"; dns.query; content:"mail.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3031, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for owa.elshad-adgh-dns.ru"; dns.query; content:"owa.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3032, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.elshad-adgh-dns.ru"; dns.query; content:"www.elshad-adgh-dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3033, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iamninja.ru"; dns.query; content:"dns.iamninja.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3034, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muxyuji.ru"; dns.query; content:"muxyuji.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3035, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.muxyuji.ru"; dns.query; content:"www.muxyuji.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3036, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.titan.stream"; dns.query; content:"adguard.titan.stream"; nocase; fast_pattern; classtype:bad-unknown; sid:27991229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3037, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for proxy.titan.stream"; dns.query; content:"proxy.titan.stream"; nocase; fast_pattern; classtype:bad-unknown; sid:27991230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3038, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mtnh.tk"; dns.query; content:"dns.mtnh.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3039, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for saikoudns.tk"; dns.query; content:"saikoudns.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3040, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for suanr.top"; dns.query; content:"suanr.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3041, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.erw.cc"; dns.query; content:"hk.erw.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3052, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns140.zhhz.cc"; dns.query; content:"dns140.zhhz.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3053, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.cf"; dns.query; content:"ychen.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3054, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dsns.cloud"; dns.query; content:"adguard.dsns.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3055, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bcsmts.com"; dns.query; content:"bcsmts.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3056, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bonishomenetwork.com"; dns.query; content:"bonishomenetwork.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3057, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cuehosting.com"; dns.query; content:"dns.cuehosting.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3058, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ellichua.com"; dns.query; content:"dns.ellichua.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3059, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for incaseineeditoneday.com"; dns.query; content:"incaseineeditoneday.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3060, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.incaseineeditoneday.com"; dns.query; content:"www.incaseineeditoneday.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3061, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk.mangosysdns.com"; dns.query; content:"hk.mangosysdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3062, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for matthias-prost.com"; dns.query; content:"matthias-prost.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3063, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nayemador.com"; dns.query; content:"dns.nayemador.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3064, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uranus.plonknet.com"; dns.query; content:"uranus.plonknet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3065, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.reachburt.com"; dns.query; content:"dns2.reachburt.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3066, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tk31z.com"; dns.query; content:"tk31z.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3067, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohdododo.tonedtanya.com"; dns.query; content:"dohdododo.tonedtanya.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3068, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for go10go10.tonedtanya.com"; dns.query; content:"go10go10.tonedtanya.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3069, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yovbak.com"; dns.query; content:"yovbak.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3070, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru2.vnetwork.cyou"; dns.query; content:"ru2.vnetwork.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27991253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3071, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.luwei.date"; dns.query; content:"d.luwei.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27991254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3072, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.novali.date"; dns.query; content:"dns.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27991255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3073, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.novali.date"; dns.query; content:"us.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27991256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3074, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for flumuffel.de"; dns.query; content:"flumuffel.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3075, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.marcrnt.de"; dns.query; content:"home.marcrnt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3076, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mjanson.de"; dns.query; content:"adguard.mjanson.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3077, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.adrianion.eu"; dns.query; content:"dns1.adrianion.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3078, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.ga"; dns.query; content:"ychen.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3079, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neo.esbpcs.my.id"; dns.query; content:"neo.esbpcs.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3080, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1b.ns.ozer.im"; dns.query; content:"1b.ns.ozer.im"; nocase; fast_pattern; classtype:bad-unknown; sid:27991263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3081, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for penimofe.in"; dns.query; content:"penimofe.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3082, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.aflr.io"; dns.query; content:"blackhole.aflr.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3083, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaans.io"; dns.query; content:"kaans.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3084, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-secure.wifire.it"; dns.query; content:"dns-secure.wifire.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3085, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.khanhtran.me"; dns.query; content:"dns.khanhtran.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3086, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rjls.me"; dns.query; content:"dns.rjls.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3087, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for soncms.me"; dns.query; content:"soncms.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3088, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c4.ownvps.ml"; dns.query; content:"c4.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3089, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud6.ownvps.ml"; dns.query; content:"cloud6.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991272; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3090, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vaguthu.mv"; dns.query; content:"dns.vaguthu.mv"; nocase; fast_pattern; classtype:bad-unknown; sid:27991273; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3092, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 4dscape.net"; dns.query; content:"4dscape.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3093, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for testadguardhome.adtidy.net"; dns.query; content:"testadguardhome.adtidy.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3094, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.borgwardtech.net"; dns.query; content:"adguard.borgwardtech.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3095, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akhil.ddns.net"; dns.query; content:"akhil.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991277; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3096, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nathor.ddns.net"; dns.query; content:"nathor.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3097, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ngc0226.ddns.net"; dns.query; content:"ngc0226.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3098, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blocker.dekugon.net"; dns.query; content:"blocker.dekugon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3099, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 94169.ip-ns.net"; dns.query; content:"94169.ip-ns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991281; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3100, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-o-1.nashkan.net"; dns.query; content:"de-fsn-o-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3101, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mos-w-1.nashkan.net"; dns.query; content:"ru-mos-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3102, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-4.nashkan.net"; dns.query; content:"sg-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3103, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for noadsapp.net"; dns.query; content:"noadsapp.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991285; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3104, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darya.persiannit.net"; dns.query; content:"darya.persiannit.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3105, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.wewitro.net"; dns.query; content:"dot.wewitro.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3106, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.taterdns.nl"; dns.query; content:"dns1.taterdns.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3108, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bdns.one"; dns.query; content:"bdns.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3109, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.karl.one"; dns.query; content:"dns.karl.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991290; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3111, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.karl.one"; dns.query; content:"server01.karl.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3112, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lekdijk.online"; dns.query; content:"lekdijk.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991292; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3113, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for externalmobiel.lekdijk.online"; dns.query; content:"externalmobiel.lekdijk.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3114, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for piholeddns.duckdns.org"; dns.query; content:"piholeddns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991294; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3115, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.dankatapich.eu.org"; dns.query; content:"adg.dankatapich.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3116, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dislike.eu.org"; dns.query; content:"dislike.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3117, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.superbest.eu.org"; dns.query; content:"adguard.superbest.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991297; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3118, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.f-bg.org"; dns.query; content:"dns.f-bg.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3119, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.ral9005.org"; dns.query; content:"ns.ral9005.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3120, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dn5.talesam.org"; dns.query; content:"dn5.talesam.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991300; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3121, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for privdns0022.securehost.ovh"; dns.query; content:"privdns0022.securehost.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991301; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3122, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fk4mil.pl"; dns.query; content:"fk4mil.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991302; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3123, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for colean.go.ro"; dns.query; content:"colean.go.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3124, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adns.onlinetools.rocks"; dns.query; content:"adns.onlinetools.rocks"; nocase; fast_pattern; classtype:bad-unknown; sid:27991304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3125, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an81dns.ru"; dns.query; content:"an81dns.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3126, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ilcha.ru"; dns.query; content:"ilcha.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991306; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3127, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for piserver.ru"; dns.query; content:"piserver.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991307; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3128, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agafon.site"; dns.query; content:"agafon.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991308; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3129, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.agafon.site"; dns.query; content:"www.agafon.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991309; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3130, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for groupy.su"; dns.query; content:"groupy.su"; nocase; fast_pattern; classtype:bad-unknown; sid:27991310; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3131, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ducphuclee.tech"; dns.query; content:"ducphuclee.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991311; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3132, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sj2.2333www.tk"; dns.query; content:"sj2.2333www.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991312; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3133, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chertila.tk"; dns.query; content:"chertila.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991313; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3134, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for palazzoddns.tk"; dns.query; content:"palazzoddns.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991314; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3135, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.wisw.tk"; dns.query; content:"us.wisw.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991315; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3136, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zxcvb.pp.ua"; dns.query; content:"zxcvb.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991316; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3138, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frontpace.us"; dns.query; content:"frontpace.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991317; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3139, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hoarfox.us"; dns.query; content:"hoarfox.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991318; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3140, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cs42.xyz"; dns.query; content:"cs42.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991319; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3142, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.febryandana.xyz"; dns.query; content:"dns.febryandana.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991320; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3143, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shadowhouses-dns.xyz"; dns.query; content:"shadowhouses-dns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991321; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3144, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for killads.vpms.xyz"; dns.query; content:"killads.vpms.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991322; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3145, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for funti.cc"; dns.query; content:"funti.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991323; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3147, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cc.3eto.com"; dns.query; content:"cc.3eto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991324; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3148, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cnbeining.com"; dns.query; content:"adguard.cnbeining.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991325; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3149, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cwlys.com"; dns.query; content:"dns.cwlys.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991326; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3150, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud.jjlizz.com"; dns.query; content:"cloud.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991327; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3151, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 003.tisyang.com"; dns.query; content:"003.tisyang.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991328; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3152, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.schlikow.de"; dns.query; content:"adguard.schlikow.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991329; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3153, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.supercluster.io"; dns.query; content:"dns.supercluster.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991330; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3154, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.altairzone.it"; dns.query; content:"dns.altairzone.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991331; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3155, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for towanda.camtechnology.it"; dns.query; content:"towanda.camtechnology.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991332; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3156, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.jij.kr"; dns.query; content:"a.jij.kr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991333; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3157, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ldrk-dns.link"; dns.query; content:"ldrk-dns.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991334; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3158, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kumar-abhishek.me"; dns.query; content:"dns.kumar-abhishek.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991335; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3159, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.schwaab.me"; dns.query; content:"dns.schwaab.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991336; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3160, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for overwatch.ddns.net"; dns.query; content:"overwatch.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991337; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3161, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fi-hel-w-2.nashkan.net"; dns.query; content:"fi-hel-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991338; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3162, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.webstor.net"; dns.query; content:"dns.webstor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991339; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3163, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.ttdd.one"; dns.query; content:"ad.ttdd.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991340; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3164, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ocl.smaccs.site"; dns.query; content:"ocl.smaccs.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991341; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3165, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.halvez.top"; dns.query; content:"dns.halvez.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991342; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3166, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s.101818.xyz"; dns.query; content:"s.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991343; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3167, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mia.eyecay.xyz"; dns.query; content:"mia.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991344; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3168, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us1.intellsystemworld.xyz"; dns.query; content:"us1.intellsystemworld.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991345; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3169, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.opnsource.com.au"; dns.query; content:"dns.opnsource.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991346; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3170, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.joaofidelix.com.br"; dns.query; content:"dns.joaofidelix.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991347; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3171, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.onedns.cc"; dns.query; content:"secure.onedns.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991348; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3172, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for duyyen.cf"; dns.query; content:"duyyen.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991349; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3173, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.firefenix.cf"; dns.query; content:"dns.firefenix.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991350; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3174, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.firefenix.cf"; dns.query; content:"home.firefenix.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991351; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3175, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seedboxhome.firefenix.cf"; dns.query; content:"seedboxhome.firefenix.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991352; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3176, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard-dns.rouga.ch"; dns.query; content:"adguard-dns.rouga.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991353; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3177, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.h0schi.cloud"; dns.query; content:"dns.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991354; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3178, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.eswan.club"; dns.query; content:"adg.eswan.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991355; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3179, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for usser.52huameng.com"; dns.query; content:"usser.52huameng.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991356; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3180, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.idsam.com"; dns.query; content:"dns.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991357; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3181, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s.idsam.com"; dns.query; content:"s.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991358; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3182, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ikataruto.com"; dns.query; content:"dns.ikataruto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991359; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3183, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.dns.ikataruto.com"; dns.query; content:"jp.dns.ikataruto.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991360; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3184, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itcosc.com"; dns.query; content:"dns.itcosc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991361; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3185, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for live.jjlizz.com"; dns.query; content:"live.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991362; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3186, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsfr.markovskilab.com"; dns.query; content:"dnsfr.markovskilab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991363; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3187, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moonssif.com"; dns.query; content:"dns.moonssif.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991364; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3188, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for myadguardhome.com"; dns.query; content:"myadguardhome.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991365; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3189, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnx.niko-sem.com"; dns.query; content:"dnx.niko-sem.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991366; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3190, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ryanleek.com"; dns.query; content:"adguard.ryanleek.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991367; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3191, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tuankhaiit.com"; dns.query; content:"dns.tuankhaiit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991368; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3192, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zacharymeadors.com"; dns.query; content:"dns.zacharymeadors.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991369; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3193, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.capypara.de"; dns.query; content:"blackhole.capypara.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991370; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3194, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tmkis-dns.de"; dns.query; content:"tmkis-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991371; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3195, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.de-grove.eu"; dns.query; content:"dns.de-grove.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991372; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3196, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eknetwork.eu"; dns.query; content:"dns.eknetwork.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991373; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3197, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.klcd.eu"; dns.query; content:"dns1.klcd.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991374; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3198, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.octoworld.fr"; dns.query; content:"dns.octoworld.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991375; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3199, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.quentin-stoeckel.fr"; dns.query; content:"home.quentin-stoeckel.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991376; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3200, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d2.shabi.icu"; dns.query; content:"d2.shabi.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991377; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3201, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.nods.in"; dns.query; content:"ad.nods.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991378; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3202, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudan88.synology.me"; dns.query; content:"cloudan88.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991379; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3203, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.anoogohost.net"; dns.query; content:"dns.anoogohost.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991380; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3204, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cybereager.net"; dns.query; content:"dns.cybereager.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991381; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3205, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dltkhn01.ddns.net"; dns.query; content:"dltkhn01.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991382; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3206, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.grusdas.net"; dns.query; content:"dns.grusdas.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991383; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3207, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jpjb.net"; dns.query; content:"adguard.jpjb.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991384; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3208, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ae-fuj-w-1.nashkan.net"; dns.query; content:"ae-fuj-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991385; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3209, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fr-sbg-w-4.nashkan.net"; dns.query; content:"fr-sbg-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991386; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3210, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.bit-trail.nl"; dns.query; content:"ns3.bit-trail.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991387; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3211, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for admin.dotls.org"; dns.query; content:"admin.dotls.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991388; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3212, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for germvpnguard.duckdns.org"; dns.query; content:"germvpnguard.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991389; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3213, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jurre-home.duckdns.org"; dns.query; content:"jurre-home.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991390; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3214, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for osefcorp.duckdns.org"; dns.query; content:"osefcorp.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991391; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3215, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn-dns-adsblocker.duckdns.org"; dns.query; content:"vpn-dns-adsblocker.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991392; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3216, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xthwo.duckdns.org"; dns.query; content:"xthwo.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991393; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3217, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keithchung.hopto.org"; dns.query; content:"keithchung.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991394; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3218, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kaytek.org"; dns.query; content:"adguard.kaytek.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991395; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3219, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dart.kpsn.org"; dns.query; content:"dart.kpsn.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991396; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3220, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fwgw.orangepipc.mywire.org"; dns.query; content:"fwgw.orangepipc.mywire.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991397; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3221, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.timefine.org"; dns.query; content:"ad.timefine.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991398; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3222, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.vokuev.org"; dns.query; content:"vpn.vokuev.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991399; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3223, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.buck.ovh"; dns.query; content:"block.buck.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991400; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3224, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stalent.ovh"; dns.query; content:"stalent.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991401; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3225, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for msxnet.ru"; dns.query; content:"msxnet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991402; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3226, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.msxnet.ru"; dns.query; content:"dns.msxnet.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991403; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3227, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ronc.ru"; dns.query; content:"dns.ronc.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991404; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3228, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asdfcomparator.tk"; dns.query; content:"asdfcomparator.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991405; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3229, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.magnon-box.tk"; dns.query; content:"dns.magnon-box.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991406; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3230, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aikiquare.top"; dns.query; content:"aikiquare.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991407; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3231, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bb.jason666.top"; dns.query; content:"bb.jason666.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991408; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3232, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ds.free.svipss.top"; dns.query; content:"ds.free.svipss.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991409; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3233, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pop.novacia.com.ua"; dns.query; content:"pop.novacia.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991410; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3234, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sergeykobzar.com.ua"; dns.query; content:"sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991411; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3235, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.sergeykobzar.com.ua"; dns.query; content:"www.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991412; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3236, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.pp.ua"; dns.query; content:"adguard.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991413; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3237, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gruppo.pp.ua"; dns.query; content:"gruppo.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991414; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3238, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.4nas.win"; dns.query; content:"dot.4nas.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27991415; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3239, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d94.xyz"; dns.query; content:"dns.d94.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991416; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3240, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.haoxuan.xyz"; dns.query; content:"dns.haoxuan.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991417; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3241, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.nexen.cloud"; dns.query; content:"doh.nexen.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991418; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3244, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.l2h8.cn"; dns.query; content:"dns.l2h8.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991419; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3245, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.halimdaud.com"; dns.query; content:"agh.halimdaud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991420; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3246, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kennethhuang.com"; dns.query; content:"kennethhuang.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991421; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3247, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.p55k.com"; dns.query; content:"dns.p55k.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991422; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3248, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.luan.contact"; dns.query; content:"dns.luan.contact"; nocase; fast_pattern; classtype:bad-unknown; sid:27991423; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3249, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.zitronen-server.de"; dns.query; content:"adguard01.zitronen-server.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991424; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3250, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.abgnetwork.es"; dns.query; content:"vps.abgnetwork.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991425; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3251, updated_at 2023_01_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.11i.eu"; dns.query; content:"2.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991426; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3252, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lilibox.freeboxos.fr"; dns.query; content:"lilibox.freeboxos.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991427; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3253, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn0109.voodonline.fr"; dns.query; content:"vpn0109.voodonline.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991428; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3254, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pcgo.fun"; dns.query; content:"pcgo.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991429; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3255, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vmath.my.id"; dns.query; content:"dns.vmath.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991430; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3256, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agh.workfordemo.co.in"; dns.query; content:"agh.workfordemo.co.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991431; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3257, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.vinc.me"; dns.query; content:"dns2.vinc.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991432; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3258, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.lfac.ml"; dns.query; content:"dns2.lfac.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991433; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3259, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c1.ownvps.ml"; dns.query; content:"c1.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991434; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3260, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nicktruehome.ddns.net"; dns.query; content:"nicktruehome.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991435; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3261, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.feiyuyu.net"; dns.query; content:"dns.feiyuyu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991436; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3262, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lilibox.duckdns.org"; dns.query; content:"lilibox.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991437; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3263, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi.homeanywhere.org"; dns.query; content:"pi.homeanywhere.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991438; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3264, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keithchunguat.hopto.org"; dns.query; content:"keithchunguat.hopto.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991439; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3265, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akdns.xyz"; dns.query; content:"akdns.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991440; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3266, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ovpn.bond"; dns.query; content:"dns.ovpn.bond"; nocase; fast_pattern; classtype:bad-unknown; sid:27991441; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3268, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mokocup.cf"; dns.query; content:"adguard.mokocup.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991442; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3269, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for timothytimothy.cf"; dns.query; content:"timothytimothy.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991443; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3270, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.timothytimothy.cf"; dns.query; content:"www.timothytimothy.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991444; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3271, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-guard1.cryptroute.com"; dns.query; content:"dns-guard1.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991445; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3272, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an.kanahanazawa.com"; dns.query; content:"an.kanahanazawa.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991446; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3273, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mx1.laoxiao789.com"; dns.query; content:"mx1.laoxiao789.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991447; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3274, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for msr177.com"; dns.query; content:"msr177.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991448; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3275, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for out.neofion.com"; dns.query; content:"out.neofion.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991449; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3276, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qwkurl.com"; dns.query; content:"dns.qwkurl.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991450; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3277, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rodovatech.com"; dns.query; content:"dns.rodovatech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991451; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3278, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for whatcaniplay.com"; dns.query; content:"whatcaniplay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991452; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3279, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.whatcaniplay.com"; dns.query; content:"dns.whatcaniplay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991453; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3280, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv5.jiripocta.cz"; dns.query; content:"srv5.jiripocta.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991454; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3281, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.2t9.de"; dns.query; content:"dns.2t9.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991455; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3282, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.dev"; dns.query; content:"adguardhome.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991456; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3283, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for korzhov.dev"; dns.query; content:"korzhov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991457; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3284, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for garanphomai.ga"; dns.query; content:"garanphomai.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991458; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3285, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aucnier.my.id"; dns.query; content:"aucnier.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991459; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3286, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for libye.in"; dns.query; content:"libye.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991460; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3287, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.bielperes.me"; dns.query; content:"mydns.bielperes.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991461; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3289, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cintra.ml"; dns.query; content:"cintra.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991462; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3290, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.freegod.ml"; dns.query; content:"doh.freegod.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991463; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3291, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vmi880423.contaboserver.net"; dns.query; content:"vmi880423.contaboserver.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991464; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3292, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sinamease.net"; dns.query; content:"sinamease.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991465; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3293, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.techcpu.net"; dns.query; content:"dns.techcpu.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991466; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3294, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.clawsucht.nrw"; dns.query; content:"adguard.clawsucht.nrw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991467; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3295, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fcpsunleashed.org"; dns.query; content:"fcpsunleashed.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991468; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3296, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for connect.fcpsunleashed.org"; dns.query; content:"connect.fcpsunleashed.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991469; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3297, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for internal.fcpsunleashed.org"; dns.query; content:"internal.fcpsunleashed.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991470; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3298, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for manage.fcpsunleashed.org"; dns.query; content:"manage.fcpsunleashed.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991471; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3299, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ociamd1.fatucloud.gosprout.org"; dns.query; content:"ociamd1.fatucloud.gosprout.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991472; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3300, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test.fatucloud.gosprout.org"; dns.query; content:"test.fatucloud.gosprout.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991473; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3301, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.panszelescik.pl"; dns.query; content:"dns.panszelescik.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991474; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3302, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.piekacz.pl"; dns.query; content:"adguard.piekacz.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991475; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3303, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eaereaper.ru"; dns.query; content:"eaereaper.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991476; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3304, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.eaereaper.ru"; dns.query; content:"www.eaereaper.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991477; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3305, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdvizhkov.ru"; dns.query; content:"sdvizhkov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991478; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3306, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.miaouu.top"; dns.query; content:"ad.miaouu.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991479; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3307, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fc.idv.tw"; dns.query; content:"dns.fc.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991480; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3308, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gauss.pp.ua"; dns.query; content:"gauss.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991481; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3309, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.n3120.wang"; dns.query; content:"dns2.n3120.wang"; nocase; fast_pattern; classtype:bad-unknown; sid:27991482; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3310, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for daswieddodeushtuhaw.xyz"; dns.query; content:"daswieddodeushtuhaw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991483; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3311, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.gosami.xyz"; dns.query; content:"vpn.gosami.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991484; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3312, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aquilenet.fr"; dns.query; content:"dns.aquilenet.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991485; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3313, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.flymc.cc"; dns.query; content:"dns.flymc.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991486; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3316, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privacy.cm"; dns.query; content:"dns.privacy.cm"; nocase; fast_pattern; classtype:bad-unknown; sid:27991487; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3317, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rilaic-multi.daonidc.com"; dns.query; content:"rilaic-multi.daonidc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991488; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3318, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for x.ns1net.com"; dns.query; content:"x.ns1net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991489; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3319, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gaia.plonknet.com"; dns.query; content:"gaia.plonknet.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991490; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3320, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agp01.tek411.com"; dns.query; content:"agp01.tek411.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991491; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3321, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.toairs.com"; dns.query; content:"d.toairs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991492; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3322, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wydler.eu"; dns.query; content:"adguard.wydler.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991493; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3323, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.wydler.eu"; dns.query; content:"adguard01.wydler.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991494; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3324, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for horne.haus"; dns.query; content:"horne.haus"; nocase; fast_pattern; classtype:bad-unknown; sid:27991495; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3325, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gaharchat.my.id"; dns.query; content:"gaharchat.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991496; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3326, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.n23.io"; dns.query; content:"dns.n23.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991497; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3327, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.abstergo.it"; dns.query; content:"block.abstergo.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991498; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3328, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o1.lt"; dns.query; content:"o1.lt"; nocase; fast_pattern; classtype:bad-unknown; sid:27991499; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3329, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.iblockads.net"; dns.query; content:"dns.iblockads.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991500; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3330, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lt-vil-w-2.nashkan.net"; dns.query; content:"lt-vil-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991501; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3331, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tuandns.duckdns.org"; dns.query; content:"tuandns.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991502; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3332, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloudns.bosco.ovh"; dns.query; content:"cloudns.bosco.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991503; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3333, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ant.dns.qwer.pw"; dns.query; content:"ant.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991504; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3334, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bacer.msk.ru"; dns.query; content:"bacer.msk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991505; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3335, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for name.my-station.ru"; dns.query; content:"name.my-station.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991506; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3336, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shield.afixer.app"; dns.query; content:"shield.afixer.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991507; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3339, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tlz.asia"; dns.query; content:"tlz.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991508; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3340, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.tlz.asia"; dns.query; content:"www.tlz.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27991509; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3341, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lrdnet.cf"; dns.query; content:"dns.lrdnet.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991510; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3342, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for meudns.minhacasainteligente.cf"; dns.query; content:"meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991511; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3343, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for elc.meudns.minhacasainteligente.cf"; dns.query; content:"elc.meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991512; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3344, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lmz.meudns.minhacasainteligente.cf"; dns.query; content:"lmz.meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991513; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3345, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mbz.meudns.minhacasainteligente.cf"; dns.query; content:"mbz.meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991514; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3346, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tbl.meudns.minhacasainteligente.cf"; dns.query; content:"tbl.meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991515; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3347, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for as17820865.click"; dns.query; content:"as17820865.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27991516; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3348, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bluewall.cloud"; dns.query; content:"bluewall.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991517; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3349, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lighthouse.rycerz.cloud"; dns.query; content:"lighthouse.rycerz.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991518; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3350, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.zkz.cloud"; dns.query; content:"dns.zkz.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991519; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3351, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for family.5ososea.com"; dns.query; content:"family.5ososea.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991520; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3352, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.afastserver.com"; dns.query; content:"dns2.afastserver.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991521; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3353, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chaos.altendorfme.com"; dns.query; content:"chaos.altendorfme.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991522; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3354, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.cloud-sekeng.com"; dns.query; content:"doh.cloud-sekeng.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991523; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3355, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.crownor.com"; dns.query; content:"dns.crownor.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991524; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3356, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.idsam.com"; dns.query; content:"dns1.idsam.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991525; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3357, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tv.jjlizz.com"; dns.query; content:"tv.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991526; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3358, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asgard.maximegw.com"; dns.query; content:"asgard.maximegw.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991527; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3359, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.osmenoga.com"; dns.query; content:"dns.osmenoga.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991528; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3360, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for o.rsaikat.com"; dns.query; content:"o.rsaikat.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991529; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3361, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thisismydns.cyou"; dns.query; content:"thisismydns.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27991530; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3362, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.frece.de"; dns.query; content:"adguard2.frece.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991531; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3363, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolve2.srv-pro.de"; dns.query; content:"resolve2.srv-pro.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991532; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3364, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.wriedts.de"; dns.query; content:"home.wriedts.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991533; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3365, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.applewebkit.dev"; dns.query; content:"dns.applewebkit.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991534; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3366, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jucker.engineering"; dns.query; content:"dns.jucker.engineering"; nocase; fast_pattern; classtype:bad-unknown; sid:27991535; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3367, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for marginnote.ga"; dns.query; content:"marginnote.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991536; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3369, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.futa.gg"; dns.query; content:"dot.futa.gg"; nocase; fast_pattern; classtype:bad-unknown; sid:27991537; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3370, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dmit.xxxxxxxxx.gq"; dns.query; content:"dmit.xxxxxxxxx.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27991538; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3371, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serayadns.my.id"; dns.query; content:"serayadns.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991539; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3372, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maddino.dedyn.io"; dns.query; content:"maddino.dedyn.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991540; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3373, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xiaolong.link"; dns.query; content:"xiaolong.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991541; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3374, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ch01adguardho.me"; dns.query; content:"ch01adguardho.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991542; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3375, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for emmmmm.me"; dns.query; content:"emmmmm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991543; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3376, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yitest.synology.me"; dns.query; content:"yitest.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991544; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3377, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an81.ddns.net"; dns.query; content:"an81.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991545; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3378, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for asbordns.ddns.net"; dns.query; content:"asbordns.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991546; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3379, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ccadguard.ddns.net"; dns.query; content:"ccadguard.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991547; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3380, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pqh.ddns.net"; dns.query; content:"pqh.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991548; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3381, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for riverboat6228.ddns.net"; dns.query; content:"riverboat6228.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991549; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3382, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.leadmon.net"; dns.query; content:"adguard1.leadmon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991550; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3383, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.leadmon.net"; dns.query; content:"adguard2.leadmon.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991551; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3384, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-bir-w-1.nashkan.net"; dns.query; content:"gb-bir-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991552; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3385, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-5.nashkan.net"; dns.query; content:"gb-lon-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991553; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3386, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-nyc-w-3.nashkan.net"; dns.query; content:"us-nyc-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991554; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3387, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for za-joh-w-2.nashkan.net"; dns.query; content:"za-joh-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991555; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3388, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sachink.net"; dns.query; content:"dns.sachink.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991556; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3389, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for virmamp33.sytes.net"; dns.query; content:"virmamp33.sytes.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991557; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3390, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thierryserver.nl"; dns.query; content:"dns.thierryserver.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991558; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3391, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secureadguarddns.charleslondon.online"; dns.query; content:"secureadguarddns.charleslondon.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991559; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3392, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock-larssonshus.duckdns.org"; dns.query; content:"adblock-larssonshus.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991560; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3393, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ninny.duckdns.org"; dns.query; content:"ninny.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991561; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3394, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v1461642.hosted-by-vdsina.ru"; dns.query; content:"v1461642.hosted-by-vdsina.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991562; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3395, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bw.i81.ru"; dns.query; content:"bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991563; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3396, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bw.i81.ru"; dns.query; content:"dns.bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991564; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3397, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.bw.i81.ru"; dns.query; content:"igor.bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991565; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3398, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.bw.i81.ru"; dns.query; content:"kotys.bw.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991566; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3399, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fb.i81.ru"; dns.query; content:"fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991567; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3400, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.fb.i81.ru"; dns.query; content:"alisa.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991568; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3401, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fb.i81.ru"; dns.query; content:"dns.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991569; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3402, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.fb.i81.ru"; dns.query; content:"igor.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991570; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3403, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.fb.i81.ru"; dns.query; content:"kotys.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991571; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3404, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.fb.i81.ru"; dns.query; content:"luba.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991572; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3405, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.fb.i81.ru"; dns.query; content:"olga.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991573; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3406, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.fb.i81.ru"; dns.query; content:"vova.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991574; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3407, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.0rz.space"; dns.query; content:"1.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991575; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3408, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.0rz.space"; dns.query; content:"2.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991576; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3409, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for paskam.tk"; dns.query; content:"paskam.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991577; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3410, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.paskam.tk"; dns.query; content:"www.paskam.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991578; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3411, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.sufly.top"; dns.query; content:"www.sufly.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991579; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3412, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tls.jackyhou.idv.tw"; dns.query; content:"tls.jackyhou.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991580; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3413, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for brb.pp.ua"; dns.query; content:"brb.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991581; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3414, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for planty.ddns.us"; dns.query; content:"planty.ddns.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991582; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3415, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hellwishdnsservers.work"; dns.query; content:"hellwishdnsservers.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991583; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3416, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andrewnw.xyz"; dns.query; content:"andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991584; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3417, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.andrewnw.xyz"; dns.query; content:"dns.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991585; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3418, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for git.andrewnw.xyz"; dns.query; content:"git.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991586; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3419, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mail.andrewnw.xyz"; dns.query; content:"mail.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991587; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3420, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.andrewnw.xyz"; dns.query; content:"www.andrewnw.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991588; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3421, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.maolaohei.xyz"; dns.query; content:"dns.maolaohei.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991589; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3422, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.ssy123.xyz"; dns.query; content:"adg.ssy123.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991590; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3423, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.h0schi.cloud"; dns.query; content:"dns3.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991591; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3424, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atarikid.com"; dns.query; content:"atarikid.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991592; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3425, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bobstrecansky.com"; dns.query; content:"bobstrecansky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991593; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3426, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bobstrecansky.com"; dns.query; content:"dns.bobstrecansky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991594; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3427, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gpchubjk.dnsfish.com"; dns.query; content:"gpchubjk.dnsfish.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991595; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3428, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nietostuff.com"; dns.query; content:"dns.nietostuff.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991596; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3429, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.plumedns.com"; dns.query; content:"adguard.plumedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991597; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3430, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for netherlands.plumedns.com"; dns.query; content:"netherlands.plumedns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991598; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3431, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rjmva.com"; dns.query; content:"rjmva.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991599; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3432, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gu-dns.gugugu.cyou"; dns.query; content:"gu-dns.gugugu.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27991600; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3433, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.meddy94.de"; dns.query; content:"adguard.meddy94.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991601; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3434, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.aws.ketan.dev"; dns.query; content:"pihole.aws.ketan.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991602; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3435, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pitnetdns.ga"; dns.query; content:"pitnetdns.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991603; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3436, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hee.ink"; dns.query; content:"dns.hee.ink"; nocase; fast_pattern; classtype:bad-unknown; sid:27991604; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3437, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.hjk.me"; dns.query; content:"ns1.hjk.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991605; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3438, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vmi1067860.contaboserver.net"; dns.query; content:"vmi1067860.contaboserver.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991606; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3439, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.extrawdw.net"; dns.query; content:"dns.extrawdw.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991607; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3440, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nrt.public.gfwdns.net"; dns.query; content:"nrt.public.gfwdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991608; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3441, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sk-bra-w-1.nashkan.net"; dns.query; content:"sk-bra-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991609; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3442, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-la-w-5.nashkan.net"; dns.query; content:"us-la-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991610; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3443, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vault-101.net"; dns.query; content:"dns.vault-101.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991611; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3444, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.unerror.network"; dns.query; content:"dns.unerror.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27991612; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3445, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.dnsviewer.org"; dns.query; content:"ns.dnsviewer.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991613; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3446, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for automaton-mm1.duckdns.org"; dns.query; content:"automaton-mm1.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991614; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3447, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-primary.giaan.org"; dns.query; content:"dns-primary.giaan.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991615; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3448, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for varganet.org"; dns.query; content:"varganet.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991616; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3449, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dubere.home.ro"; dns.query; content:"dubere.home.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991617; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3450, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server-beget.ru"; dns.query; content:"server-beget.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991618; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3451, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hopper.org.uk"; dns.query; content:"dns.hopper.org.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991619; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3452, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 214214214.xyz"; dns.query; content:"214214214.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991620; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3453, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chno.xyz"; dns.query; content:"chno.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991621; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3454, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ggrbb.xyz"; dns.query; content:"ggrbb.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991622; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3455, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ggrbb.xyz"; dns.query; content:"www.ggrbb.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991623; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3456, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle6.losfa.xyz"; dns.query; content:"oracle6.losfa.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991624; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3457, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xenergy.cc"; dns.query; content:"xenergy.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991625; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3459, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.velay.ch"; dns.query; content:"adguard.velay.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991626; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3460, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for daisukivn.asuscomm.com"; dns.query; content:"daisukivn.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991627; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3461, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ppfeufer.de"; dns.query; content:"adguard.ppfeufer.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991628; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3462, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for block.sascha-triller.de"; dns.query; content:"block.sascha-triller.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991629; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3463, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.benpro.fr"; dns.query; content:"dns.benpro.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991630; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3464, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb.nods.in"; dns.query; content:"adb.nods.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991631; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3465, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for goga7777777.bissnes.org"; dns.query; content:"goga7777777.bissnes.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991632; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3466, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fullaccesstointernet.int.eu.org"; dns.query; content:"fullaccesstointernet.int.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991633; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3467, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.ipsecloud.ru"; dns.query; content:"ad.ipsecloud.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991634; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3468, updated_at 2023_01_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fvpn.jarvishome.ru"; dns.query; content:"fvpn.jarvishome.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991635; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3469, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rassadnikov.ru"; dns.query; content:"dns.rassadnikov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991636; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3470, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ilker.se"; dns.query; content:"dns.ilker.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27991637; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3471, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ftgfw.tk"; dns.query; content:"ftgfw.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991638; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3472, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-az2.cattery.work"; dns.query; content:"hk-az2.cattery.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991639; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3473, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdjdns.ajraspi.xyz"; dns.query; content:"rdjdns.ajraspi.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991640; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3474, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for loli.sektehalodavid.click"; dns.query; content:"loli.sektehalodavid.click"; nocase; fast_pattern; classtype:bad-unknown; sid:27991641; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3475, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-secondary.cloudnx.cloud"; dns.query; content:"dns-secondary.cloudnx.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991642; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3476, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.comeonjames.club"; dns.query; content:"dns.comeonjames.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991643; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3477, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.ef67daisuki.club"; dns.query; content:"adguard.ef67daisuki.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991644; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3478, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ahboy.asuscomm.com"; dns.query; content:"ahboy.asuscomm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991645; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3479, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.brightesttv.com"; dns.query; content:"dns.brightesttv.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991646; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3480, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for encremento.com"; dns.query; content:"encremento.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991647; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3481, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ethernet.mxx.giize.com"; dns.query; content:"ethernet.mxx.giize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991648; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3482, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp01.just-a-web.com"; dns.query; content:"jp01.just-a-web.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991649; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3483, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for orau.lz0724.com"; dns.query; content:"orau.lz0724.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991650; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3484, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xx.ns1net.com"; dns.query; content:"xx.ns1net.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991651; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3485, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sitdns.com"; dns.query; content:"sitdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991652; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3486, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.sitdns.com"; dns.query; content:"www.sitdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991653; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3487, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2raye.com"; dns.query; content:"v2raye.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991654; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3488, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wajon-dns.com"; dns.query; content:"wajon-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991655; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3489, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.williamlwu.com"; dns.query; content:"dns.williamlwu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991656; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3490, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darkness.is.my.waifu.cz"; dns.query; content:"darkness.is.my.waifu.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991657; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3491, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.filipccz.eu"; dns.query; content:"dns.filipccz.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991658; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3492, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gando.fr"; dns.query; content:"dns.gando.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991659; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3493, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for soay38us0r7goa7.cmsdp.my.id"; dns.query; content:"soay38us0r7goa7.cmsdp.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991660; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3494, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.deekshith.in"; dns.query; content:"dns.deekshith.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991661; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3495, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jaym.in"; dns.query; content:"jaym.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991662; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3496, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for felipefalcao.me"; dns.query; content:"felipefalcao.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991663; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3497, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mgiptvpro.ml"; dns.query; content:"dns.mgiptvpro.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991664; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3498, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c3.ownvps.ml"; dns.query; content:"c3.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991665; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3499, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c5.ownvps.ml"; dns.query; content:"c5.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991666; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3500, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wdnts.ml"; dns.query; content:"dns.wdnts.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991667; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3501, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.1899.com.mx"; dns.query; content:"ns2.1899.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991668; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3502, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adl.adfilter.net"; dns.query; content:"adl.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991669; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3503, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adblock.benmeyer.net"; dns.query; content:"adblock.benmeyer.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991670; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3504, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.cybsurfnet.net"; dns.query; content:"adguard.cybsurfnet.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991671; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3505, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frontpace.net"; dns.query; content:"frontpace.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991672; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3506, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mysys.net"; dns.query; content:"mysys.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991673; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3507, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-5.nashkan.net"; dns.query; content:"sg-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991674; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3508, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-dal-w-1.nashkan.net"; dns.query; content:"us-dal-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991675; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3509, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eweyo.duckdns.org"; dns.query; content:"eweyo.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991676; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3510, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for whax.eu.org"; dns.query; content:"whax.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991677; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3511, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.sillundil.ovh"; dns.query; content:"dot.sillundil.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991678; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3512, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for percival.empty.pw"; dns.query; content:"percival.empty.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991679; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3513, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ivanromanov.ru"; dns.query; content:"ivanromanov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991680; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3514, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ivanromanov.ru"; dns.query; content:"dns.ivanromanov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991681; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3515, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.ivanromanov.ru"; dns.query; content:"www.ivanromanov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991682; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3516, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.tardishost.ru"; dns.query; content:"dns1.tardishost.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991683; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3517, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.moog.sh"; dns.query; content:"dns.moog.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991684; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3518, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.aavesh.tech"; dns.query; content:"adguard.aavesh.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991685; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3519, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.notggle.tk"; dns.query; content:"adguard.notggle.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991686; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3520, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yyqsite.top"; dns.query; content:"yyqsite.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991687; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3521, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.yyqsite.top"; dns.query; content:"www.yyqsite.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991688; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3522, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 2.alpo.pp.ua"; dns.query; content:"2.alpo.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991689; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3523, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.walshnet.co.uk"; dns.query; content:"dns.walshnet.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991690; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3524, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.gaconsulting.com.au"; dns.query; content:"adguard2.gaconsulting.com.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27991691; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3525, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blackhole.gugainfo.com.br"; dns.query; content:"blackhole.gugainfo.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27991692; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3526, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardprimarydns.cf"; dns.query; content:"adguardprimarydns.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991693; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3527, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for carrotegg.club"; dns.query; content:"carrotegg.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991694; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3528, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dtness.com"; dns.query; content:"adguard.dtness.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991695; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3529, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gogonads.com"; dns.query; content:"gogonads.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991696; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3530, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server1.greendns.green1052.com"; dns.query; content:"server1.greendns.green1052.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991697; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3531, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for leecurrylawfirm.com"; dns.query; content:"leecurrylawfirm.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991698; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3532, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n5.lsasss.com"; dns.query; content:"n5.lsasss.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991699; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3533, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dohsg.tonedtanya.com"; dns.query; content:"dohsg.tonedtanya.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991700; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3534, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for redpanda.cyou"; dns.query; content:"redpanda.cyou"; nocase; fast_pattern; classtype:bad-unknown; sid:27991701; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3535, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rabmoor.cz"; dns.query; content:"adguard.rabmoor.cz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991702; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3536, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.alexanderkersten.de"; dns.query; content:"adguard.alexanderkersten.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991703; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3537, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.quartoz.de"; dns.query; content:"adguard.quartoz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991704; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3538, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.faze.dev"; dns.query; content:"dns.faze.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991705; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3539, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.titov.es"; dns.query; content:"adguard.titov.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27991706; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3540, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ship.ga"; dns.query; content:"dns.ship.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991707; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3541, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ychen.gq"; dns.query; content:"ychen.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27991708; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3542, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.chlaebi.info"; dns.query; content:"www.chlaebi.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991709; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3543, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.farakaft.ir"; dns.query; content:"dns.farakaft.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991710; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3544, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.betelgeuse.link"; dns.query; content:"dns.betelgeuse.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991711; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3545, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chlaebi.synology.me"; dns.query; content:"chlaebi.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991712; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3546, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adgaurd.lingmont.net"; dns.query; content:"adgaurd.lingmont.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991713; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3547, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-cov-w-1.nashkan.net"; dns.query; content:"gb-cov-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991714; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3548, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-2.nashkan.net"; dns.query; content:"pl-waw-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991715; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3549, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-atl-w-2.nashkan.net"; dns.query; content:"us-atl-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991716; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3550, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.guard.ru.net"; dns.query; content:"ad.guard.ru.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991717; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3551, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for derekcastle.duckdns.org"; dns.query; content:"derekcastle.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991718; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3552, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for stuxen.duckdns.org"; dns.query; content:"stuxen.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991719; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3553, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.pigs.eu.org"; dns.query; content:"kr.pigs.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991720; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3554, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.noehring.org"; dns.query; content:"dns.noehring.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991721; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3555, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mitar.ovh"; dns.query; content:"adguard.mitar.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991722; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3556, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adampowell.pro"; dns.query; content:"adampowell.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991723; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3557, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tiger.dns.qwer.pw"; dns.query; content:"tiger.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991724; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3558, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.kano.sh"; dns.query; content:"jp.kano.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991725; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3559, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for scrole.shop"; dns.query; content:"scrole.shop"; nocase; fast_pattern; classtype:bad-unknown; sid:27991726; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3560, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ytpom.tk"; dns.query; content:"ytpom.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991727; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3561, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns2.opi.pp.ua"; dns.query; content:"ns2.opi.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991728; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3562, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home3.brosena.xyz"; dns.query; content:"home3.brosena.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991729; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3563, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard2.dsns.cloud"; dns.query; content:"adguard2.dsns.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991730; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3564, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apne1.dns.terumi.club"; dns.query; content:"apne1.dns.terumi.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991731; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3565, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for multipurpose1.terumi.club"; dns.query; content:"multipurpose1.terumi.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991732; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3566, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.beliefanx.cn"; dns.query; content:"adguard.beliefanx.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27991733; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3567, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sagutxustech.com"; dns.query; content:"sagutxustech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991734; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3568, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.kuhlmannt.de"; dns.query; content:"home.kuhlmannt.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991735; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3569, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.wallura.eu"; dns.query; content:"adguard.wallura.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991736; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3570, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for justlife.fun"; dns.query; content:"justlife.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991737; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3571, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.alloxr.info"; dns.query; content:"dns.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991738; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3572, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.alloxr.info"; dns.query; content:"vps.alloxr.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991739; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3573, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n.3363.net"; dns.query; content:"n.3363.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991740; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3574, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vanced.ddns.net"; dns.query; content:"vanced.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991741; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3575, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.misland.net"; dns.query; content:"dns.misland.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991742; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3576, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.snow-sugar.net"; dns.query; content:"home.snow-sugar.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991743; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3577, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ge.libaced.one"; dns.query; content:"ge.libaced.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27991744; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3578, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.nocnik.org"; dns.query; content:"adguard.nocnik.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991745; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3579, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for federicoferri.ovh"; dns.query; content:"federicoferri.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991746; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3580, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for link.altapo.ru"; dns.query; content:"link.altapo.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991747; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3581, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pozitiff4ik.ru"; dns.query; content:"pozitiff4ik.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991748; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3582, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpnonelove.ru"; dns.query; content:"vpnonelove.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991749; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3583, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for serv1.magnon-box.tk"; dns.query; content:"serv1.magnon-box.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991750; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3584, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.serv1.magnon-box.tk"; dns.query; content:"dns.serv1.magnon-box.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991751; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3585, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dhold.2025up.xyz"; dns.query; content:"dhold.2025up.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991752; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3586, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lyhlyh.xyz"; dns.query; content:"dns.lyhlyh.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991753; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3587, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns8.org"; dns.query; content:"dns8.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991754; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3663, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n0.eu"; dns.query; content:"n0.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991755; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3746, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.com"; dns.query; content:"ns3.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991756; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3754, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.cx"; dns.query; content:"ns3.cx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991757; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3755, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns3.link"; dns.query; content:"ns3.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27991758; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3756, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2.dionysus.beauty"; dns.query; content:"v2.dionysus.beauty"; nocase; fast_pattern; classtype:bad-unknown; sid:27991759; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3796, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 53.slepov.dev"; dns.query; content:"53.slepov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991760; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3797, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.d96.info"; dns.query; content:"dns.d96.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991761; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3798, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.d96.info"; dns.query; content:"www.dns.d96.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991762; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3799, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for porttwo.bigbangtheory.monster"; dns.query; content:"porttwo.bigbangtheory.monster"; nocase; fast_pattern; classtype:bad-unknown; sid:27991763; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3800, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.depieri.net"; dns.query; content:"adguard.depieri.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991764; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3801, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-3.nashkan.net"; dns.query; content:"au-syd-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991765; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3802, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.privilab.net"; dns.query; content:"dns.privilab.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991766; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3803, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addns1.m-it.ro"; dns.query; content:"addns1.m-it.ro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991767; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3804, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aalqudah.site"; dns.query; content:"aalqudah.site"; nocase; fast_pattern; classtype:bad-unknown; sid:27991768; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3805, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cearhome.top"; dns.query; content:"dns.cearhome.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991769; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3806, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lujiacai.top"; dns.query; content:"doh.lujiacai.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991770; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3807, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg.telex.app"; dns.query; content:"sg.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991771; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3808, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tapawan.ca"; dns.query; content:"dns.tapawan.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991772; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3809, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thanh933.cf"; dns.query; content:"thanh933.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991773; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3810, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for khsan.com"; dns.query; content:"khsan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991774; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3811, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.khsan.com"; dns.query; content:"www.khsan.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991775; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3812, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.netrope.com"; dns.query; content:"dns.netrope.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991776; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3813, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.phclinz.de"; dns.query; content:"dns.phclinz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991777; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3814, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.knytl.eu"; dns.query; content:"dns.knytl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991778; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3815, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wkwkwk.fun"; dns.query; content:"dns.wkwkwk.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991779; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3816, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.delage.li"; dns.query; content:"nas.delage.li"; nocase; fast_pattern; classtype:bad-unknown; sid:27991780; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3817, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.boje8.me"; dns.query; content:"doh.boje8.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991781; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3818, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vvmm.me"; dns.query; content:"vvmm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991782; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3819, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for per.adfilter.net"; dns.query; content:"per.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991783; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3820, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dpserver87.ddns.net"; dns.query; content:"dpserver87.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991784; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3821, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.surenic.net"; dns.query; content:"dns.surenic.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991785; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3822, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for deus-server.duckdns.org"; dns.query; content:"deus-server.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991786; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3823, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hooliganska.duckdns.org"; dns.query; content:"hooliganska.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991787; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3824, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for krtekvpn.duckdns.org"; dns.query; content:"krtekvpn.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991788; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3825, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.adblocker.eu.org"; dns.query; content:"dns.adblocker.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991789; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3826, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cyberspace.pw"; dns.query; content:"dns.cyberspace.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991790; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3827, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mirandil.ru"; dns.query; content:"dns.mirandil.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991791; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3828, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tg.pp.ru"; dns.query; content:"tg.pp.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991792; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3829, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thefuturegg.xyz"; dns.query; content:"thefuturegg.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991793; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3830, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ggdns.club"; dns.query; content:"ggdns.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991794; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3831, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.0ooo.icu"; dns.query; content:"dns.0ooo.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991795; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3832, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for add.nods.in"; dns.query; content:"add.nods.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27991796; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3833, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adh.sigma.monster"; dns.query; content:"adh.sigma.monster"; nocase; fast_pattern; classtype:bad-unknown; sid:27991797; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3834, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dyhw.ddns.net"; dns.query; content:"dyhw.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991798; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3835, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tungtsbn2000.viewdns.net"; dns.query; content:"tungtsbn2000.viewdns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991799; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3836, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wakgood.net"; dns.query; content:"dns.wakgood.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991800; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3837, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kolobok2.duckdns.orga"; dns.query; content:"kolobok2.duckdns.orga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991801; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3838, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for two.clanless.ovh"; dns.query; content:"two.clanless.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991802; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3839, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jellyhost.ovh"; dns.query; content:"adguard.jellyhost.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991803; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3840, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for steff.sbs"; dns.query; content:"steff.sbs"; nocase; fast_pattern; classtype:bad-unknown; sid:27991804; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3841, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for retrospecto.tk"; dns.query; content:"retrospecto.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991805; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3842, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.yzh97rc.xyz"; dns.query; content:"www.yzh97rc.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991806; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3843, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.a-desg.cc"; dns.query; content:"dns1.a-desg.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27991807; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3844, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cachitopetshop.com"; dns.query; content:"dns.cachitopetshop.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991808; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3845, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.niko-sem.com"; dns.query; content:"adguard.niko-sem.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991809; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3846, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for thecremeens.com"; dns.query; content:"thecremeens.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991810; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3847, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server3.boldteam.ir"; dns.query; content:"server3.boldteam.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991811; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3848, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pass12335.myds.me"; dns.query; content:"pass12335.myds.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991812; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3849, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsblock.solvarea.nl"; dns.query; content:"dnsblock.solvarea.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991813; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3850, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mailer.amlegion.org"; dns.query; content:"mailer.amlegion.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991814; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3851, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dop.privatedns.org"; dns.query; content:"dop.privatedns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991815; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3852, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for p.dns.sh-box.ru"; dns.query; content:"p.dns.sh-box.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991816; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3853, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.cbio.top"; dns.query; content:"dns2.cbio.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991817; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3854, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.jnorton.us"; dns.query; content:"adg.jnorton.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27991818; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3855, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ermisguard.westeurope.cloudapp.azure.com"; dns.query; content:"ermisguard.westeurope.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991819; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3856, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.baabab.com"; dns.query; content:"dns.baabab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991820; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3857, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle.cepheus0.com"; dns.query; content:"oracle.cepheus0.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991821; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3858, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kngnet.de"; dns.query; content:"adguard.kngnet.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991822; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3859, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tabris-nas.synology.me"; dns.query; content:"tabris-nas.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991823; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3860, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh003.280blocker.net"; dns.query; content:"doh003.280blocker.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991824; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3861, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.kawpad.tk"; dns.query; content:"dns.kawpad.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991825; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3862, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.gnetworks.xyz"; dns.query; content:"dns.gnetworks.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991826; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3863, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns4me.net"; dns.query; content:"dns4me.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991827; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3872, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.chenu.ch"; dns.query; content:"dns.chenu.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991828; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4192, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.audet.cloud"; dns.query; content:"dns.audet.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991829; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4193, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ps1.modr.club"; dns.query; content:"ps1.modr.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27991830; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4194, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bahien.com"; dns.query; content:"dns.bahien.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991831; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4195, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.dashofsunny.com"; dns.query; content:"adguard.dashofsunny.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991832; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4196, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nongdanthanky.com"; dns.query; content:"nongdanthanky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991833; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4197, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome-vps.couli.fr"; dns.query; content:"adguardhome-vps.couli.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991834; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4198, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.opopop.fun"; dns.query; content:"dns.opopop.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991835; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4199, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for addguard.greenet.id"; dns.query; content:"addguard.greenet.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991836; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4200, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.richardapplegate.io"; dns.query; content:"adguard.richardapplegate.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991837; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4201, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for magicalvps.ml"; dns.query; content:"magicalvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991838; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4202, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cz-ces-w-1.nashkan.net"; dns.query; content:"cz-ces-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991839; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4203, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.qbak.net"; dns.query; content:"dns.qbak.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991840; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4204, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.qbak.net"; dns.query; content:"home.qbak.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991841; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4205, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unixfox.duckdns.org"; dns.query; content:"unixfox.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991842; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4206, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.pakharenko.ru"; dns.query; content:"vpn.pakharenko.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991843; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4207, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.norvrandt.co.uk"; dns.query; content:"home.norvrandt.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991844; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4208, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tcorexxx.uk"; dns.query; content:"tcorexxx.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991845; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4209, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blockemall.xyz"; dns.query; content:"blockemall.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991846; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4210, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kids.eyecay.xyz"; dns.query; content:"kids.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991847; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4211, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bwh2.telex.app"; dns.query; content:"bwh2.telex.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27991848; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4218, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglaster.com"; dns.query; content:"douglaster.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991849; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4219, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk22.hujiajun.com"; dns.query; content:"hk22.hujiajun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991850; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4220, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mipauns.com"; dns.query; content:"dns.mipauns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991851; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4221, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surfbelow.com"; dns.query; content:"surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991852; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4222, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglaster.coma"; dns.query; content:"douglaster.coma"; nocase; fast_pattern; classtype:bad-unknown; sid:27991853; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4223, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.bitteeinbyte.de"; dns.query; content:"adguard.bitteeinbyte.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991854; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4224, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xyz2.jammerxd.dev"; dns.query; content:"xyz2.jammerxd.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991855; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4225, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 3.11i.eu"; dns.query; content:"3.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991856; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4226, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsserver.mailchan.eu"; dns.query; content:"dnsserver.mailchan.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991857; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4227, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for axaxa.fun"; dns.query; content:"axaxa.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27991858; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4228, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cirruscloud.it"; dns.query; content:"cirruscloud.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27991859; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4229, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neptune.alpo.me"; dns.query; content:"neptune.alpo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991860; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4230, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for puerta.ml"; dns.query; content:"puerta.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991861; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4231, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for au-syd-w-2.nashkan.net"; dns.query; content:"au-syd-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991862; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4232, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-1.nashkan.net"; dns.query; content:"gb-lon-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991863; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4233, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gb-lon-w-4.nashkan.net"; dns.query; content:"gb-lon-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991864; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4234, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lt-vil-w-3.nashkan.net"; dns.query; content:"lt-vil-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991865; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4235, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pl-waw-w-1.nashkan.net"; dns.query; content:"pl-waw-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991866; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4236, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pt-lis-w-1.nashkan.net"; dns.query; content:"pt-lis-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991867; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4237, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-w-1.nashkan.net"; dns.query; content:"sg-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991868; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4238, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-atl-w-1.nashkan.net"; dns.query; content:"us-atl-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991869; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4239, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-1.nashkan.net"; dns.query; content:"us-chi-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991870; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4240, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-la-w-4.nashkan.net"; dns.query; content:"us-la-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991871; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4241, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.spaceindex.net"; dns.query; content:"adguard.spaceindex.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991872; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4242, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mcptero.teunschrader.nl"; dns.query; content:"mcptero.teunschrader.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991873; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4243, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for private-dns.provisionweb.org"; dns.query; content:"private-dns.provisionweb.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991874; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4244, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.seikson.ovh"; dns.query; content:"dns.seikson.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991875; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4245, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.itdept.pro"; dns.query; content:"dns.itdept.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991876; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4246, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dronix27.ru"; dns.query; content:"dronix27.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991877; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4247, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for muc-ns01.ibytex.systems"; dns.query; content:"muc-ns01.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27991878; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4248, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.muc-ns01.ibytex.systems"; dns.query; content:"www.muc-ns01.ibytex.systems"; nocase; fast_pattern; classtype:bad-unknown; sid:27991879; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4249, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yvanliang.tech"; dns.query; content:"yvanliang.tech"; nocase; fast_pattern; classtype:bad-unknown; sid:27991880; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4250, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.art-nas.pp.ua"; dns.query; content:"dns2.art-nas.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991881; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4251, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dnsadguard.co.uk"; dns.query; content:"www.dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991882; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4252, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securedns.vendorvista.xyz"; dns.query; content:"securedns.vendorvista.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991883; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4253, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kudns.kescher.at"; dns.query; content:"kudns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27991884; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4255, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thiagoalmeida.ca"; dns.query; content:"dns.thiagoalmeida.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991885; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4256, updated_at 2023_01_25;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aaytorr.com"; dns.query; content:"dns.aaytorr.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991886; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4260, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.adguard-dns.com"; dns.query; content:"d.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991887; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4261, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for awsdns.vpnrf.com"; dns.query; content:"awsdns.vpnrf.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991888; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4278, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.gslb2.xfinity.com"; dns.query; content:"doh2.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991889; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4279, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for knight1.de"; dns.query; content:"knight1.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991890; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4281, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1.11i.eu"; dns.query; content:"1.11i.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991891; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4286, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for totoland.eu"; dns.query; content:"totoland.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991892; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4288, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsg.psyk.fr"; dns.query; content:"dnsg.psyk.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991893; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4289, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for safe.kswro.web.id"; dns.query; content:"safe.kswro.web.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991894; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4290, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for acomit.lk"; dns.query; content:"acomit.lk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991895; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4295, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.acomit.lk"; dns.query; content:"www.acomit.lk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991896; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4296, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crd.circl.lu"; dns.query; content:"crd.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991897; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4297, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lon-dns.bitdefender.net"; dns.query; content:"lon-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991898; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4300, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for peter-adguard.ddns.net"; dns.query; content:"peter-adguard.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991899; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4301, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for br-sao-w-1.nashkan.net"; dns.query; content:"br-sao-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991900; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4302, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for es-mad-w-2.nashkan.net"; dns.query; content:"es-mad-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991901; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4303, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv-rig-w-1.nashkan.net"; dns.query; content:"lv-rig-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991902; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4304, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nl-ams-w-3.nashkan.net"; dns.query; content:"nl-ams-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991903; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4305, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ro-buc-w-1.nashkan.net"; dns.query; content:"ro-buc-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991904; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4306, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drahonn.pro"; dns.query; content:"drahonn.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27991905; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4317, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freezy121.ru"; dns.query; content:"freezy121.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991906; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4319, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyz.doh.sb"; dns.query; content:"ca-yyz.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991907; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4322, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.doh.sb"; dns.query; content:"eu.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991908; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4323, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.doh.sb"; dns.query; content:"europe.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27991909; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4324, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsadguard.co.uk"; dns.query; content:"dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991910; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4325, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.burtnet.xyz"; dns.query; content:"dns1.burtnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991911; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4326, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.irumatech.com"; dns.query; content:"dns1.irumatech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991912; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4329, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for v2.xm706v.com"; dns.query; content:"v2.xm706v.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991913; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4330, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.norvig.dk"; dns.query; content:"dns.norvig.dk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991914; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4331, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mrcapslock.ir"; dns.query; content:"mrcapslock.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27991915; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4332, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.rennes.despagne.net"; dns.query; content:"adguard.rennes.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991916; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4333, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for armorrush.eu.org"; dns.query; content:"armorrush.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991917; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4334, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for agafon.space"; dns.query; content:"agafon.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991918; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4335, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.agafon.space"; dns.query; content:"www.agafon.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27991919; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4336, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mydns.server-way.tk"; dns.query; content:"mydns.server-way.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27991920; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4337, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.r00l.pp.ua"; dns.query; content:"dns.r00l.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27991921; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4338, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dramangodns.cf"; dns.query; content:"dramangodns.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27991922; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4339, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.romantrojer.ch"; dns.query; content:"adguard.romantrojer.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27991923; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4340, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.freequensi.com"; dns.query; content:"dns.freequensi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991924; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4341, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.silentlybren.com"; dns.query; content:"dns.silentlybren.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991925; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4342, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lion.yazilimatolye.com"; dns.query; content:"lion.yazilimatolye.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991926; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4343, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns01.almir1904.eu"; dns.query; content:"dns01.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991927; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4344, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.almir1904.eu"; dns.query; content:"doh.almir1904.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991928; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4345, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mocha.r.rnet.ie"; dns.query; content:"mocha.r.rnet.ie"; nocase; fast_pattern; classtype:bad-unknown; sid:27991929; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4346, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg2.spacework.com.mx"; dns.query; content:"adg2.spacework.com.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27991930; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4347, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd.adfilter.net"; dns.query; content:"syd.adfilter.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991931; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4348, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pi.daryllswer.net"; dns.query; content:"pi.daryllswer.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991932; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4349, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gn6hoasz2o4tveit.dynv6.net"; dns.query; content:"gn6hoasz2o4tveit.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991933; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4350, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jeffreyblank.net"; dns.query; content:"jeffreyblank.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991934; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4351, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green2.jnraptor.net"; dns.query; content:"green2.jnraptor.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991935; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4352, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.infrapod.nl"; dns.query; content:"adguard.infrapod.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991936; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4353, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crazyfamily.online"; dns.query; content:"crazyfamily.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991937; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4354, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for halfon.online"; dns.query; content:"halfon.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991938; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4355, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vadim.online"; dns.query; content:"vadim.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991939; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4356, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for os.vadim.online"; dns.query; content:"os.vadim.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27991940; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4357, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for datthinh1801-gcp.duckdns.org"; dns.query; content:"datthinh1801-gcp.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991941; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4358, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gunag.duckdns.org"; dns.query; content:"gunag.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991942; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4359, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.searom.ovh"; dns.query; content:"adguard.searom.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27991943; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4360, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dycn.vip"; dns.query; content:"dycn.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27991944; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4361, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dycn.vip"; dns.query; content:"www.dycn.vip"; nocase; fast_pattern; classtype:bad-unknown; sid:27991945; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4362, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ikarosalpha.xyz"; dns.query; content:"ikarosalpha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27991946; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4363, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gateway.fomichev.cloud"; dns.query; content:"gateway.fomichev.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991947; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4365, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.h0schi.cloud"; dns.query; content:"dns2.h0schi.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27991948; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4366, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddd2.loukky.com"; dns.query; content:"ddd2.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991949; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4367, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.wistarip.com"; dns.query; content:"dns3.wistarip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991950; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4368, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cossxiu.ga"; dns.query; content:"cossxiu.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27991951; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4369, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.druta.me"; dns.query; content:"dns.druta.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991952; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4370, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvps.familiamv.ml"; dns.query; content:"dnsvps.familiamv.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27991953; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4371, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for andresmanuel.duckdns.org"; dns.query; content:"andresmanuel.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991954; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4372, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ttag.dns.nomu.pw"; dns.query; content:"ttag.dns.nomu.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991955; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4373, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.amigo-mgn.ru"; dns.query; content:"dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991956; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4374, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.dns.amigo-mgn.ru"; dns.query; content:"alisa.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991957; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4375, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.dns.amigo-mgn.ru"; dns.query; content:"igor.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991958; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4376, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kerio.dns.amigo-mgn.ru"; dns.query; content:"kerio.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991959; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4377, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.dns.amigo-mgn.ru"; dns.query; content:"kotys.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991960; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4378, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.dns.amigo-mgn.ru"; dns.query; content:"olga.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991961; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4379, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vlad.dns.amigo-mgn.ru"; dns.query; content:"vlad.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991962; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4380, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.dns.amigo-mgn.ru"; dns.query; content:"vovale.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991963; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4381, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wifi.dns.amigo-mgn.ru"; dns.query; content:"wifi.dns.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991964; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4382, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sip.amigo-mgn.ru"; dns.query; content:"sip.amigo-mgn.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991965; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4383, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sg-119.cattery.work"; dns.query; content:"sg-119.cattery.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27991966; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4384, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olcaylar.mooo.com"; dns.query; content:"olcaylar.mooo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991967; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4385, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.twtrs.com"; dns.query; content:"dns.twtrs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991968; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4386, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 1qaz.de"; dns.query; content:"1qaz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991969; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4387, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.firestrike-services.de"; dns.query; content:"adguard.firestrike-services.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991970; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4388, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.struchkov.dev"; dns.query; content:"dns.struchkov.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27991971; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4389, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.ubd.ac.id"; dns.query; content:"doh.ubd.ac.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27991972; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4390, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d3.supremum.io"; dns.query; content:"d3.supremum.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991973; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4391, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for neochronicles.live"; dns.query; content:"neochronicles.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27991974; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4392, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.jsanagustin.net"; dns.query; content:"adguard1.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991975; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4393, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.njy.jsanagustin.net"; dns.query; content:"adguard1.njy.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991976; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4394, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad1.heronet.nl"; dns.query; content:"ad1.heronet.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27991977; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4395, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for interestingly.eu.org"; dns.query; content:"interestingly.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991978; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4396, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.interestingly.eu.org"; dns.query; content:"www.interestingly.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991979; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4397, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.myddns.org"; dns.query; content:"adguard.myddns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27991980; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4398, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.sntrk.ru"; dns.query; content:"guard.sntrk.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27991981; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4399, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssilo.top"; dns.query; content:"dnssilo.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27991982; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4400, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yuan.idv.tw"; dns.query; content:"yuan.idv.tw"; nocase; fast_pattern; classtype:bad-unknown; sid:27991983; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4401, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edgeworkssystems.ca"; dns.query; content:"dns.edgeworkssystems.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27991984; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4402, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.qenisis.com"; dns.query; content:"adg.qenisis.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991985; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4403, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mainframe.dewed.de"; dns.query; content:"mainframe.dewed.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991986; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4404, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.frece.de"; dns.query; content:"adguard.frece.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27991987; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4405, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ard.net.sys.of.icu"; dns.query; content:"ard.net.sys.of.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27991988; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4406, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bilidon.dnsuser.info"; dns.query; content:"bilidon.dnsuser.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27991989; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4407, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.aman.ltd"; dns.query; content:"dns.aman.ltd"; nocase; fast_pattern; classtype:bad-unknown; sid:27991990; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4408, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp-tyo-w-1.nashkan.net"; dns.query; content:"jp-tyo-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991991; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4409, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh-target-noads-se.alekberg.net"; dns.query; content:"odoh-target-noads-se.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991992; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4413, updated_at 2023_01_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odoh-target.alekberg.net"; dns.query; content:"odoh-target.alekberg.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27991993; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4414, updated_at 2023_01_15;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for debian-01.eastasia.cloudapp.azure.com"; dns.query; content:"debian-01.eastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991994; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4418, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.warexify.com"; dns.query; content:"dns.warexify.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27991995; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4419, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for douglas.mebrak.fr"; dns.query; content:"douglas.mebrak.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27991996; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4420, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for services.akierry.io"; dns.query; content:"services.akierry.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27991997; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4421, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguardhome.takkunn.pgw.jp"; dns.query; content:"adguardhome.takkunn.pgw.jp"; nocase; fast_pattern; classtype:bad-unknown; sid:27991998; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4422, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for notecore.me"; dns.query; content:"notecore.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27991999; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4423, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.soncms.me"; dns.query; content:"dns.soncms.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992000; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4424, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a.sinafreenet.ml"; dns.query; content:"a.sinafreenet.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4425, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for echoe1yidzu4ioo5.myfritz.net"; dns.query; content:"echoe1yidzu4ioo5.myfritz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4426, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-fsn-w-3.nashkan.net"; dns.query; content:"de-fsn-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992003; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4427, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-w-4.nashkan.net"; dns.query; content:"hk-w-4.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4428, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguarddns.otroid.net"; dns.query; content:"adguarddns.otroid.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4429, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.4ab.nl"; dns.query; content:"dns.4ab.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992006; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4430, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.52306.org"; dns.query; content:"dns.52306.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4431, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.liumuze.org"; dns.query; content:"dns.liumuze.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4432, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rafal.top"; dns.query; content:"dns.rafal.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4433, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-api.icloud.com"; dns.query; content:"mask-api.icloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4435, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for unifi.carioka.com"; dns.query; content:"unifi.carioka.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992011; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4438, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guardians.jenspoelitz.de"; dns.query; content:"guardians.jenspoelitz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4439, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.asdw.fun"; dns.query; content:"dns.asdw.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4440, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for devsimo.it"; dns.query; content:"devsimo.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4441, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gztech.me"; dns.query; content:"gztech.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4442, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.jiagm.me"; dns.query; content:"dns.jiagm.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4443, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-sea-w-6.nashkan.net"; dns.query; content:"us-sea-w-6.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4444, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for carioka.dyndns.org"; dns.query; content:"carioka.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4445, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.lululu.eu.org"; dns.query; content:"doh.lululu.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4446, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ipharaon.ru"; dns.query; content:"ipharaon.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4447, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.marsnet.xyz"; dns.query; content:"dns.marsnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4448, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.datamatter.co.za"; dns.query; content:"pihole.datamatter.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27992022; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4449, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.stud.cloud"; dns.query; content:"dns.stud.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992023; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4450, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.dns.stud.cloud"; dns.query; content:"www.dns.stud.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4451, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keymiagar.ir"; dns.query; content:"keymiagar.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4452, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-sea-w-5.nashkan.net"; dns.query; content:"us-sea-w-5.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992026; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4453, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for greppie.nl"; dns.query; content:"greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4454, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for laptop001.greppie.nl"; dns.query; content:"laptop001.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992028; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4455, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maikel.greppie.nl"; dns.query; content:"maikel.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4456, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.greppie.nl"; dns.query; content:"www.greppie.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4457, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cqd.duckdns.org"; dns.query; content:"cqd.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992031; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4458, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas1403.duckdns.org"; dns.query; content:"nas1403.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992032; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4459, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bin.st"; dns.query; content:"dns.bin.st"; nocase; fast_pattern; classtype:bad-unknown; sid:27992033; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4460, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.040910.top"; dns.query; content:"www.040910.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992034; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4461, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xm.ln7371.top"; dns.query; content:"xm.ln7371.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992035; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4462, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpservice.cf"; dns.query; content:"vpservice.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992036; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4463, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anixlab.com"; dns.query; content:"anixlab.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992037; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4464, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.techromantica.com"; dns.query; content:"adguard.techromantica.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992038; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4465, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d-n-s.fun"; dns.query; content:"d-n-s.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992039; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4466, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for batshitcrazy.ddns.net"; dns.query; content:"batshitcrazy.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992040; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4467, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gustamadh.dynv6.net"; dns.query; content:"gustamadh.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4468, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securenet.mhsystems.net"; dns.query; content:"securenet.mhsystems.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4469, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aattwwss.duckdns.org"; dns.query; content:"aattwwss.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4470, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for area51.mywire.org"; dns.query; content:"area51.mywire.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992044; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4471, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.sekular.pl"; dns.query; content:"adguard.sekular.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27992045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4472, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lspcr.space"; dns.query; content:"adguard.lspcr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992046; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4473, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd-docker.lspcr.space"; dns.query; content:"syd-docker.lspcr.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992047; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4474, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnshk.eve.surf"; dns.query; content:"dnshk.eve.surf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4475, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for an.loliconapp.top"; dns.query; content:"an.loliconapp.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4476, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.wns.watch"; dns.query; content:"dns.wns.watch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4477, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for atomicvps.xyz"; dns.query; content:"atomicvps.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4478, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.atomicvps.xyz"; dns.query; content:"www.atomicvps.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4479, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.dns-ga.de"; dns.query; content:"dns2.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4480, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns3.dns-ga.de"; dns.query; content:"dns3.dns-ga.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4481, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nebula.sly.io"; dns.query; content:"nebula.sly.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4482, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cgmzdd.com"; dns.query; content:"cgmzdd.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4484, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ghexu.com"; dns.query; content:"dns.ghexu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4485, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hubertdns.com"; dns.query; content:"hubertdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992058; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4486, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for uni.shy.as.towhy.com"; dns.query; content:"uni.shy.as.towhy.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4487, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.cloudlinz.de"; dns.query; content:"dns.cloudlinz.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992060; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4488, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pvsv.io"; dns.query; content:"pvsv.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992061; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4489, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cz-pra-w-1.nashkan.net"; dns.query; content:"cz-pra-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992062; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4490, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for punono.duckdns.org"; dns.query; content:"punono.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4491, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.thebuckners.org"; dns.query; content:"dns.thebuckners.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4492, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lion.dns.qwer.pw"; dns.query; content:"lion.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992065; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4493, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vmok.ru"; dns.query; content:"vmok.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992066; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4494, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.aghaaliagha.tk"; dns.query; content:"ad.aghaaliagha.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992067; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4495, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp1.f7b6h9.tk"; dns.query; content:"jp1.f7b6h9.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992068; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4496, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tiger2.tk"; dns.query; content:"tiger2.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992069; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4497, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for secure.avastdns.com"; dns.query; content:"secure.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4498, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lindung.pp.ua"; dns.query; content:"lindung.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992071; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4499, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rotunneling.net"; dns.query; content:"dns.rotunneling.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992072; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4500, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for securedns.buzz"; dns.query; content:"securedns.buzz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4501, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for emozee.cf"; dns.query; content:"emozee.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992074; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4502, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.jaydub.cloud"; dns.query; content:"adguard.jaydub.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992075; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4503, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.grantbruneau.com"; dns.query; content:"adguard.grantbruneau.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992076; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4505, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for strata.gurupannu.com"; dns.query; content:"strata.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992077; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4506, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.strata.gurupannu.com"; dns.query; content:"dns.strata.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992078; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4507, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homerouter-dns.strata.gurupannu.com"; dns.query; content:"homerouter-dns.strata.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992079; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4508, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.strata.gurupannu.com"; dns.query; content:"vpn.strata.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992080; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4509, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n11649246144.netvigator.com"; dns.query; content:"n11649246144.netvigator.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992081; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4510, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.nullrecon.com"; dns.query; content:"dns.nullrecon.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992082; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4511, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dev.reallemc.com"; dns.query; content:"dev.reallemc.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992083; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4512, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.kenzohost.de"; dns.query; content:"adguard.kenzohost.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4515, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for beacon.dog"; dns.query; content:"beacon.dog"; nocase; fast_pattern; classtype:bad-unknown; sid:27992085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4516, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adb-home.xaoimoon.fr"; dns.query; content:"adb-home.xaoimoon.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992086; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4517, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for groupy.ga"; dns.query; content:"groupy.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27992087; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4518, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jkdns.me"; dns.query; content:"jkdns.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992088; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4520, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for apollo.collectivemedia.network"; dns.query; content:"apollo.collectivemedia.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992089; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4522, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dog.dns.qwer.pw"; dns.query; content:"dog.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992090; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4523, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guard.magic-pics.tk"; dns.query; content:"guard.magic-pics.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992091; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4524, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.gbrossi.com.br"; dns.query; content:"adguard.gbrossi.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27992092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4527, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ekipapi.com"; dns.query; content:"dns.ekipapi.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992093; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4528, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pix.piriot.de"; dns.query; content:"pix.piriot.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992094; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4529, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.edison42.dev"; dns.query; content:"dns.edison42.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27992095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4530, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hgns.harriganhome.ga"; dns.query; content:"hgns.harriganhome.ga"; nocase; fast_pattern; classtype:bad-unknown; sid:27992096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4531, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tanmoyvpn.ddns.net"; dns.query; content:"tanmoyvpn.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992097; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4532, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for akhilkalwakurthy.dyndns.org"; dns.query; content:"akhilkalwakurthy.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4533, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sv3.minhduc.pw"; dns.query; content:"sv3.minhduc.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4534, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for homelabjaw.tk"; dns.query; content:"homelabjaw.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992100; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4535, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kintyre.uk"; dns.query; content:"kintyre.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992101; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4536, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kintyre.uk"; dns.query; content:"www.kintyre.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992102; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4537, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gaoadmin.win"; dns.query; content:"gaoadmin.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992103; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4538, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jpok.996333.xyz"; dns.query; content:"jpok.996333.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992104; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4539, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fra1.eyecay.xyz"; dns.query; content:"fra1.eyecay.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992105; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4540, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.mjthemelancholy.xyz"; dns.query; content:"adguard.mjthemelancholy.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4541, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.ssrahul96.xyz"; dns.query; content:"ag.ssrahul96.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992107; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4542, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.onedns.net"; dns.query; content:"doh.onedns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992108; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4543, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lapanovi.ch"; dns.query; content:"lapanovi.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27992109; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4544, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for funwithtape.com"; dns.query; content:"funwithtape.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992110; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4545, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 6692.giize.com"; dns.query; content:"6692.giize.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992111; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4546, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for n-wan.dynv6.net"; dns.query; content:"n-wan.dynv6.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992112; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4547, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.samuelthomasfamily.net"; dns.query; content:"adguard.samuelthomasfamily.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992113; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4548, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for k0rtus-gg.ru"; dns.query; content:"k0rtus-gg.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992114; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4549, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.korks.tk"; dns.query; content:"adguard.korks.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992115; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4550, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for guoyingwei.top"; dns.query; content:"guoyingwei.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992116; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4551, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.guoyingwei.top"; dns.query; content:"www.guoyingwei.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992117; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4552, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hewittnet.us"; dns.query; content:"hewittnet.us"; nocase; fast_pattern; classtype:bad-unknown; sid:27992118; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4553, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darktraffic.cloud"; dns.query; content:"darktraffic.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992119; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4554, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.darktraffic.cloud"; dns.query; content:"dns.darktraffic.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27992120; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4555, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.mzrme.cn"; dns.query; content:"dns.mzrme.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992121; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4556, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.me7878.com"; dns.query; content:"dns.me7878.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992122; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4557, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.porteii.com"; dns.query; content:"dns.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4558, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uuming.com"; dns.query; content:"dns.uuming.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4559, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dr-adguard.de"; dns.query; content:"dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4560, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server01.dr-adguard.de"; dns.query; content:"server01.dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4561, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server02.dr-adguard.de"; dns.query; content:"server02.dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4562, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server03.dr-adguard.de"; dns.query; content:"server03.dr-adguard.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4563, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.v1l.de"; dns.query; content:"adguard.v1l.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4564, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for a11.diplo.es"; dns.query; content:"a11.diplo.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4565, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for note11.diplo.es"; dns.query; content:"note11.diplo.es"; nocase; fast_pattern; classtype:bad-unknown; sid:27992131; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4566, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.steinr.eu"; dns.query; content:"dns.steinr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4567, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dgea.fr"; dns.query; content:"dns.dgea.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4568, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for blockerads.multimediaconcept.fr"; dns.query; content:"blockerads.multimediaconcept.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4569, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tuic.salome.my.id"; dns.query; content:"tuic.salome.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4570, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hyperspace.toxopeus.it"; dns.query; content:"hyperspace.toxopeus.it"; nocase; fast_pattern; classtype:bad-unknown; sid:27992136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4571, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.rynet.link"; dns.query; content:"vpn.rynet.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4572, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cloud10.ownvps.ml"; dns.query; content:"cloud10.ownvps.ml"; nocase; fast_pattern; classtype:bad-unknown; sid:27992138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4573, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for travis90x.ddns.net"; dns.query; content:"travis90x.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4574, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ocedric.net"; dns.query; content:"dns.ocedric.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992140; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4575, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ssh-storage.ru"; dns.query; content:"ssh-storage.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4576, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dot.ssh-storage.ru"; dns.query; content:"dot.ssh-storage.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992142; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4577, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns0.tardishost.ru"; dns.query; content:"dns0.tardishost.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4578, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.tah.space"; dns.query; content:"dns.tah.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27992144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4579, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adg.jmdesign.uk"; dns.query; content:"adg.jmdesign.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4580, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp2.101818.xyz"; dns.query; content:"jp2.101818.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992146; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4581, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for q3i6k7j3.stackpathcdn.com"; dns.query; content:"q3i6k7j3.stackpathcdn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992147; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4911, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.yzh.asia"; dns.query; content:"dns.yzh.asia"; nocase; fast_pattern; classtype:bad-unknown; sid:27992148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5005, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for feifei200x12.cf"; dns.query; content:"feifei200x12.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5006, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for office.heimtec.com"; dns.query; content:"office.heimtec.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992150; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5007, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lat-team.com"; dns.query; content:"dns.lat-team.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992151; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5008, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.safeith.com"; dns.query; content:"dns.safeith.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992152; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5009, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sdnscarme.com"; dns.query; content:"sdnscarme.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992153; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5010, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.janl.eu"; dns.query; content:"dns.janl.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992154; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5012, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dr3d.my.id"; dns.query; content:"dr3d.my.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27992155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5013, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.connexum.mx"; dns.query; content:"adguard.connexum.mx"; nocase; fast_pattern; classtype:bad-unknown; sid:27992156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5014, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shutgaming.net"; dns.query; content:"adguard.shutgaming.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5017, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ag.wntrmute.net"; dns.query; content:"ag.wntrmute.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5018, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.oursecure.network"; dns.query; content:"dns.oursecure.network"; nocase; fast_pattern; classtype:bad-unknown; sid:27992159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5019, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.forst.one"; dns.query; content:"adguard1.forst.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5020, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mykewl.pro"; dns.query; content:"mykewl.pro"; nocase; fast_pattern; classtype:bad-unknown; sid:27992161; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5021, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.jmarkin.ru"; dns.query; content:"vps.jmarkin.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5022, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.vk09.ru"; dns.query; content:"dns.vk09.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992163; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5023, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.swehosting.se"; dns.query; content:"dns.swehosting.se"; nocase; fast_pattern; classtype:bad-unknown; sid:27992164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5024, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for bevrydns.stream"; dns.query; content:"bevrydns.stream"; nocase; fast_pattern; classtype:bad-unknown; sid:27992165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5025, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.bezainf.tk"; dns.query; content:"dns.bezainf.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992166; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5026, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.bezainf.tk"; dns.query; content:"vpn.bezainf.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992167; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5027, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for joy096speed.pp.ua"; dns.query; content:"joy096speed.pp.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992168; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5028, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pooblet.co.za"; dns.query; content:"pooblet.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27992169; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5029, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnss.tlers.cf"; dns.query; content:"dnss.tlers.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27992170; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5030, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-guard2.cryptroute.com"; dns.query; content:"dns-guard2.cryptroute.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992171; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5031, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for storydoh.kinergetica.com"; dns.query; content:"storydoh.kinergetica.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992172; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5032, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.shoupperuser.com"; dns.query; content:"adguard.shoupperuser.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992173; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5033, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsoci.uplenk.com"; dns.query; content:"dnsoci.uplenk.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992174; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5034, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.slvrsrvr.de"; dns.query; content:"dns1.slvrsrvr.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5035, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.klcd.eu"; dns.query; content:"dns2.klcd.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992176; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5036, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for de-nue-w-2.nashkan.net"; dns.query; content:"de-nue-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992177; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5037, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rabanete.duckdns.org"; dns.query; content:"rabanete.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992178; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5038, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kaiser.int.eu.org"; dns.query; content:"kaiser.int.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5039, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for frog.dns.qwer.pw"; dns.query; content:"frog.dns.qwer.pw"; nocase; fast_pattern; classtype:bad-unknown; sid:27992180; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5040, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.msameh.tk"; dns.query; content:"dns.msameh.tk"; nocase; fast_pattern; classtype:bad-unknown; sid:27992181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5041, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dentora.ca"; dns.query; content:"dentora.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27992182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5042, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oradns.anbitech.com"; dns.query; content:"oradns.anbitech.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5043, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for drive.jjlizz.com"; dns.query; content:"drive.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992184; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5044, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns.mtsoln.com"; dns.query; content:"ns.mtsoln.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5045, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.majaroboan.de"; dns.query; content:"dns.majaroboan.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5046, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for i.solutics.ec"; dns.query; content:"i.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5047, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.i.solutics.ec"; dns.query; content:"dns.i.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992188; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5048, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.i.solutics.ec"; dns.query; content:"home.i.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992189; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5049, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for plex.i.solutics.ec"; dns.query; content:"plex.i.solutics.ec"; nocase; fast_pattern; classtype:bad-unknown; sid:27992190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5050, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lax.core.access.zznet.fun"; dns.query; content:"lax.core.access.zznet.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27992191; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5051, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d3.shabi.icu"; dns.query; content:"d3.shabi.icu"; nocase; fast_pattern; classtype:bad-unknown; sid:27992192; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5052, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.fahr.in"; dns.query; content:"dns.fahr.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27992193; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5053, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.lalafell.info"; dns.query; content:"dns.lalafell.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27992194; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5054, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.insec.link"; dns.query; content:"dns.insec.link"; nocase; fast_pattern; classtype:bad-unknown; sid:27992195; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5055, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dsh.lol"; dns.query; content:"dns.dsh.lol"; nocase; fast_pattern; classtype:bad-unknown; sid:27992196; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5056, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for seanyan.ddns.net"; dns.query; content:"seanyan.ddns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5057, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hk-w-1.nashkan.net"; dns.query; content:"hk-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5058, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ru-mos-w-2.nashkan.net"; dns.query; content:"ru-mos-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5059, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-jac-w-1.nashkan.net"; dns.query; content:"us-jac-w-1.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992200; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5060, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for w2hq5e27.altigen.org"; dns.query; content:"w2hq5e27.altigen.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992201; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5061, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for clubsv.duckdns.org"; dns.query; content:"clubsv.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992202; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5062, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for filya.fb.i81.ru"; dns.query; content:"filya.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992203; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5063, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lena.fb.i81.ru"; dns.query; content:"lena.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5064, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vasya.fb.i81.ru"; dns.query; content:"vasya.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5065, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vovale.fb.i81.ru"; dns.query; content:"vovale.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5066, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for win10virtual.fb.i81.ru"; dns.query; content:"win10virtual.fb.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5067, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for markolll.ru"; dns.query; content:"markolll.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992208; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5068, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.markolll.ru"; dns.query; content:"www.markolll.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992209; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5069, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for todns.work"; dns.query; content:"todns.work"; nocase; fast_pattern; classtype:bad-unknown; sid:27992210; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5070, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rsnetwork.be"; dns.query; content:"dns.rsnetwork.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27992211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5072, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kintoun.alves.cc"; dns.query; content:"kintoun.alves.cc"; nocase; fast_pattern; classtype:bad-unknown; sid:27992212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5073, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.brandonsli.com"; dns.query; content:"adguard.brandonsli.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5074, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for essentiallyjay.com"; dns.query; content:"essentiallyjay.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5075, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for storage.jjlizz.com"; dns.query; content:"storage.jjlizz.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5076, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nayemador.com"; dns.query; content:"nayemador.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5077, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mimir.netwerk.io"; dns.query; content:"mimir.netwerk.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27992217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5078, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.keipert.me"; dns.query; content:"dns2.keipert.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27992218; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5079, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.one23.one"; dns.query; content:"doh.one23.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27992219; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5080, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.sac.rebl.eu.org"; dns.query; content:"dns.sac.rebl.eu.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992220; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5081, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hr.i81.ru"; dns.query; content:"hr.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992221; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5082, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vpn.i81.ru"; dns.query; content:"vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992222; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5083, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alisa.vpn.i81.ru"; dns.query; content:"alisa.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992223; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5084, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amigo.vpn.i81.ru"; dns.query; content:"amigo.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992224; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5085, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for igor.vpn.i81.ru"; dns.query; content:"igor.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992225; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5086, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kotys.vpn.i81.ru"; dns.query; content:"kotys.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5087, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for luba.vpn.i81.ru"; dns.query; content:"luba.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992227; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5088, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for olga.vpn.i81.ru"; dns.query; content:"olga.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992228; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5089, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vova.vpn.i81.ru"; dns.query; content:"vova.vpn.i81.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992229; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5090, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kondrcloud.ru"; dns.query; content:"kondrcloud.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5091, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.kondrcloud.ru"; dns.query; content:"www.kondrcloud.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992231; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5092, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vudy.ru"; dns.query; content:"vudy.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27992232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5093, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for skyline.vvvvvei.win"; dns.query; content:"skyline.vvvvvei.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5094, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.532641.xyz"; dns.query; content:"dns.532641.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5095, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for di2626.xyz"; dns.query; content:"di2626.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992235; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5096, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard.lalantha.xyz"; dns.query; content:"adguard.lalantha.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992236; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5097, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oracle-lab01.crmd.co.za"; dns.query; content:"oracle-lab01.crmd.co.za"; nocase; fast_pattern; classtype:bad-unknown; sid:27992237; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5098, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.borlee.be"; dns.query; content:"dns.borlee.be"; nocase; fast_pattern; classtype:bad-unknown; sid:27992238; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5099, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.schlagheck.berlin"; dns.query; content:"dns.schlagheck.berlin"; nocase; fast_pattern; classtype:bad-unknown; sid:27992239; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5100, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for arrakis.korolyzer.com.br"; dns.query; content:"arrakis.korolyzer.com.br"; nocase; fast_pattern; classtype:bad-unknown; sid:27992240; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5101, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.muadib.club"; dns.query; content:"dns.muadib.club"; nocase; fast_pattern; classtype:bad-unknown; sid:27992241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5102, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for green.cyberbeta.cn"; dns.query; content:"green.cyberbeta.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27992242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5103, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for nas.embraced.co"; dns.query; content:"nas.embraced.co"; nocase; fast_pattern; classtype:bad-unknown; sid:27992243; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5104, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gosuntrip.com"; dns.query; content:"gosuntrip.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992244; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5105, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mcttechs.com"; dns.query; content:"mcttechs.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992245; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5106, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jp.meidouling.com"; dns.query; content:"jp.meidouling.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992246; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5107, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rnaybank.com"; dns.query; content:"rnaybank.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992247; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5108, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.rnaybank.com"; dns.query; content:"dns.rnaybank.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992248; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5109, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for spacexnetdomain.com"; dns.query; content:"spacexnetdomain.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27992249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5110, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for odon.de"; dns.query; content:"odon.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27992250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5111, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ad.visbran.fr"; dns.query; content:"ad.visbran.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27992251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5112, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for maye.ir"; dns.query; content:"maye.ir"; nocase; fast_pattern; classtype:bad-unknown; sid:27992252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5113, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.ccrespawn.net"; dns.query; content:"dns.ccrespawn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5114, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-bhs-w-2.nashkan.net"; dns.query; content:"ca-bhs-w-2.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5115, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us-chi-w-3.nashkan.net"; dns.query; content:"us-chi-w-3.nashkan.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27992255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5116, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for darkboyjyoti.online"; dns.query; content:"darkboyjyoti.online"; nocase; fast_pattern; classtype:bad-unknown; sid:27992256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5117, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for azagramac.duckdns.org"; dns.query; content:"azagramac.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5118, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gwps.duckdns.org"; dns.query; content:"gwps.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27992258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5119, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cdn.implementsfreedom.studio"; dns.query; content:"cdn.implementsfreedom.studio"; nocase; fast_pattern; classtype:bad-unknown; sid:27992259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5120, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lboxtv.top"; dns.query; content:"lboxtv.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5121, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.lboxtv.top"; dns.query; content:"www.lboxtv.top"; nocase; fast_pattern; classtype:bad-unknown; sid:27992261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5122, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 01qnpxtzym02adjlrcub03.sergeykobzar.com.ua"; dns.query; content:"01qnpxtzym02adjlrcub03.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992262; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5123, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 04qnpxtzym05adjlrcub06.sergeykobzar.com.ua"; dns.query; content:"04qnpxtzym05adjlrcub06.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992263; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5124, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 07qnpxtzym08adjlrcub09.sergeykobzar.com.ua"; dns.query; content:"07qnpxtzym08adjlrcub09.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992264; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5125, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 10qnpxtzym11adjlrcub12.sergeykobzar.com.ua"; dns.query; content:"10qnpxtzym11adjlrcub12.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992265; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5126, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 13qnpxtzym14adjlrcub15.sergeykobzar.com.ua"; dns.query; content:"13qnpxtzym14adjlrcub15.sergeykobzar.com.ua"; nocase; fast_pattern; classtype:bad-unknown; sid:27992266; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5127, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.4-the.win"; dns.query; content:"dns.4-the.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27992267; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5128, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.240527.xyz"; dns.query; content:"dns.240527.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992268; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5129, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.hackerwolf.xyz"; dns.query; content:"dns.hackerwolf.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992269; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5130, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for wzybigman.xyz"; dns.query; content:"wzybigman.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5131, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for www.wzybigman.xyz"; dns.query; content:"www.wzybigman.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27992271; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5132, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lux1.nixnet.xyz"; dns.query; content:"lux1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997001; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 100 101, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lv1.nixnet.xyz"; dns.query; content:"lv1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997002; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 96 97, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ny1.nixnet.xyz"; dns.query; content:"ny1.nixnet.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997004; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 98 99, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns1.steering.nextdns.io"; dns.query; content:"dns1.steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27997005; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 250, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns2.steering.nextdns.io"; dns.query; content:"dns2.steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27997007; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 251, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-prod-bc43efde54c7e228.elb.us-east-1.amazonaws.com"; dns.query; content:"dns-prod-bc43efde54c7e228.elb.us-east-1.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997008; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 304, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for integration.dnsteam.globuscs.info"; dns.query; content:"integration.dnsteam.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997009; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 305, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for preview.dnsteam.globuscs.info"; dns.query; content:"preview.dnsteam.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997010; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 306, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-sandbox-3291100252b8f52b.elb.us-east-1.amazonaws.com"; dns.query; content:"dns-sandbox-3291100252b8f52b.elb.us-east-1.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997012; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 308, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for staging.dnsteam.globuscs.info"; dns.query; content:"staging.dnsteam.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997013; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 309, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for test.dnsteam.globuscs.info"; dns.query; content:"test.dnsteam.globuscs.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997014; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 310, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for crd.circl.lu"; dns.query; content:"crd.circl.lu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997015; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 569, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for webredir.vip.gandi.net"; dns.query; content:"webredir.vip.gandi.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997016; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 522, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns-nyc.aaflalo.me"; dns.query; content:"dns-nyc.aaflalo.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997017; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 156, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnstls.neutopia.org"; dns.query; content:"dnstls.neutopia.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997018; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 246, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for steering.nextdns.io"; dns.query; content:"steering.nextdns.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27997019; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 93 383 1098 1280, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for td-doh.dns.t53.de"; dns.query; content:"td-doh.dns.t53.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997020; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 134, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for antidns.s.tuna.tsinghua.edu.cn"; dns.query; content:"antidns.s.tuna.tsinghua.edu.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27997021; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 319, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for radia.bortzmeyer.org"; dns.query; content:"radia.bortzmeyer.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997024; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 549, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for static.captnemo.in"; dns.query; content:"static.captnemo.in"; nocase; fast_pattern; classtype:bad-unknown; sid:27997025; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 13, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for anycast.ffmuc.net"; dns.query; content:"anycast.ffmuc.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997027; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 74 1031, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ntu.ssooss.win"; dns.query; content:"ntu.ssooss.win"; nocase; fast_pattern; classtype:bad-unknown; sid:27997029; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 611, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.gslb2.xfinity.com"; dns.query; content:"doh2.gslb2.xfinity.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997030; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 48, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh1.b-cdn.net"; dns.query; content:"doh1.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997041; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 906, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh2.b-cdn.net"; dns.query; content:"doh2.b-cdn.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997042; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 908, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.doh.sb"; dns.query; content:"eu.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27997043; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 71 4324, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.doh.sb"; dns.query; content:"europe.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27997045; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 71, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.tiar.app"; dns.query; content:"doh.tiar.app"; nocase; fast_pattern; classtype:bad-unknown; sid:27997048; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1037, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for doh.dns.apple.com.v.aaplimg.com"; dns.query; content:"doh.dns.apple.com.v.aaplimg.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997049; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1076, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eu-frankfurt-1.oci.oraclecloud.com"; dns.query; content:"dns.eu-frankfurt-1.oci.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997050; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 314, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.eu-frankfurt-1.oci.oraclecloud.net"; dns.query; content:"dns.eu-frankfurt-1.oci.oraclecloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997051; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 314, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uk-london-1.oci.oraclecloud.com"; dns.query; content:"dns.uk-london-1.oci.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997052; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 320, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.uk-london-1.oci.oraclecloud.net"; dns.query; content:"dns.uk-london-1.oci.oraclecloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997053; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 320, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-ashburn-1.oci.oraclecloud.com"; dns.query; content:"dns.us-ashburn-1.oci.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997054; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 321, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-ashburn-1.oci.oraclecloud.net"; dns.query; content:"dns.us-ashburn-1.oci.oraclecloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997055; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 321, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-phoenix-1.oci.oraclecloud.com"; dns.query; content:"dns.us-phoenix-1.oci.oraclecloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997056; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 322, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.us-phoenix-1.oci.oraclecloud.net"; dns.query; content:"dns.us-phoenix-1.oci.oraclecloud.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997057; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 322, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.quickline.ch"; dns.query; content:"dns.quickline.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27997059; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1099 1511, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d2bphvjyj895l0.cloudfront.net"; dns.query; content:"d2bphvjyj895l0.cloudfront.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997063; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 307, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 360.233py.com"; dns.query; content:"360.233py.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997064; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 76 77 78 79 80 152, updated_at 2023_01_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask.apple-dns.net"; dns.query; content:"mask.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997070; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1298 1299, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for 15815d9ce5f441edaa1f33f62761ff16.pacloudflare.com"; dns.query; content:"15815d9ce5f441edaa1f33f62761ff16.pacloudflare.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997073; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 871, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for edgy-dns.com"; dns.query; content:"edgy-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997084; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 870, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu-opush-heytapmobile-pubgw-1244993624.eu-west-3.elb.amazonaws.com"; dns.query; content:"eu-opush-heytapmobile-pubgw-1244993624.eu-west-3.elb.amazonaws.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997085; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1390, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ca-yyz.doh.sb"; dns.query; content:"ca-yyz.doh.sb"; nocase; fast_pattern; classtype:bad-unknown; sid:27997092; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1689, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gateway-el.cname.ustclug.org"; dns.query; content:"gateway-el.cname.ustclug.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997095; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1725, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for masters-of-cloud.de"; dns.query; content:"masters-of-cloud.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997096; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 1583, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.dnswarden.com"; dns.query; content:"dns.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997098; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 12, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for geo.dnswarden.com"; dns.query; content:"geo.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997099; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 12 1414, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eu.geo.dnswarden.com"; dns.query; content:"eu.geo.dnswarden.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997106; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 12 1414, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lon-dns.bitdefender.net"; dns.query; content:"lon-dns.bitdefender.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997123; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2074, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kudns.kescher.at"; dns.query; content:"kudns.kescher.at"; nocase; fast_pattern; classtype:bad-unknown; sid:27997124; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2138, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sh.totoro.pub"; dns.query; content:"sh.totoro.pub"; nocase; fast_pattern; classtype:bad-unknown; sid:27997125; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2150, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sexybody.myqnapcloud.com"; dns.query; content:"sexybody.myqnapcloud.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997126; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2154, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for forum.ginovs.nl"; dns.query; content:"forum.ginovs.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997127; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2160, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for argon.molinero.dev"; dns.query; content:"argon.molinero.dev"; nocase; fast_pattern; classtype:bad-unknown; sid:27997128; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2165, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dyn-ip.borjalopez.eu"; dns.query; content:"dyn-ip.borjalopez.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997129; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2181, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for shard.ender.fr"; dns.query; content:"shard.ender.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997130; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2226, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tezoi.duckdns.org"; dns.query; content:"tezoi.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997132; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2248, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hahnjo.de"; dns.query; content:"hahnjo.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997133; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2212, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for hz1.h.indust.me"; dns.query; content:"hz1.h.indust.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997134; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2210, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rin.sh"; dns.query; content:"rin.sh"; nocase; fast_pattern; classtype:bad-unknown; sid:27997135; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2241, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lab.sellan.fr"; dns.query; content:"lab.sellan.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997136; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2242, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for lab-1.sellan.fr"; dns.query; content:"lab-1.sellan.fr"; nocase; fast_pattern; classtype:bad-unknown; sid:27997137; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2242, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rachel.jeroenhd.nl"; dns.query; content:"rachel.jeroenhd.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997138; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2211, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv1.web-mx.eu"; dns.query; content:"srv1.web-mx.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997139; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2356, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for resolver.cloudflare-eth.com"; dns.query; content:"resolver.cloudflare-eth.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997141; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2473, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for oko.haneulo.com"; dns.query; content:"oko.haneulo.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997143; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2492, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cname-for-doh.go-behind.one"; dns.query; content:"cname-for-doh.go-behind.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27997144; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2494 2495, updated_at 2023_01_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for auto-cn-hk-8000.go-behind.one"; dns.query; content:"auto-cn-hk-8000.go-behind.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27997145; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2494 2495, updated_at 2023_01_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for haswell-www.a.guindehi.ch"; dns.query; content:"haswell-www.a.guindehi.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27997148; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2486, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pihole.gcp.pathofgrace.com"; dns.query; content:"pihole.gcp.pathofgrace.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997149; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2501, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d.adguard-dns.com"; dns.query; content:"d.adguard-dns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997155; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2584, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for srv-revprox-01.atakorah.com"; dns.query; content:"srv-revprox-01.atakorah.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997156; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2582, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pair02-02.ihatemy.live"; dns.query; content:"pair02-02.ihatemy.live"; nocase; fast_pattern; classtype:bad-unknown; sid:27997157; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2555, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mimile.despagne.net"; dns.query; content:"mimile.despagne.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997158; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2565, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mimile.despagne.ovh"; dns.query; content:"mimile.despagne.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27997159; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2565, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnssurobe.southeastasia.cloudapp.azure.com"; dns.query; content:"dnssurobe.southeastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997160; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2592, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for heimdall.ff0x.ca"; dns.query; content:"heimdall.ff0x.ca"; nocase; fast_pattern; classtype:bad-unknown; sid:27997162; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2611, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mitron.one"; dns.query; content:"mitron.one"; nocase; fast_pattern; classtype:bad-unknown; sid:27997164; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2680, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kirmanak.gq"; dns.query; content:"kirmanak.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27997165; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2740, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for surfbelow.com"; dns.query; content:"surfbelow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997175; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2725, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for yario.ru"; dns.query; content:"yario.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27997179; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2875, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amd2.nzcow.com"; dns.query; content:"amd2.nzcow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997181; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2900, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for alpha-dns.de"; dns.query; content:"alpha-dns.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997182; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2906, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for kr.loukky.com"; dns.query; content:"kr.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997183; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2954, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rabenhain.net"; dns.query; content:"rabenhain.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997185; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2967, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gcp.nzcow.com"; dns.query; content:"gcp.nzcow.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997186; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3000, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for gm-dns-01.southcentralus.azurecontainer.io"; dns.query; content:"gm-dns-01.southcentralus.azurecontainer.io"; nocase; fast_pattern; classtype:bad-unknown; sid:27997187; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2993 2994, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for zephyrus.id"; dns.query; content:"zephyrus.id"; nocase; fast_pattern; classtype:bad-unknown; sid:27997190; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2984, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for us.novali.date"; dns.query; content:"us.novali.date"; nocase; fast_pattern; classtype:bad-unknown; sid:27997197; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3073, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for marcrnt.ddnss.de"; dns.query; content:"marcrnt.ddnss.de"; nocase; fast_pattern; classtype:bad-unknown; sid:27997198; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3076, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for incaseineeditoneday.com"; dns.query; content:"incaseineeditoneday.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997199; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3061, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.firefenix.cf"; dns.query; content:"home.firefenix.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27997204; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3174 3176, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for firefenix.duckdns.org"; dns.query; content:"firefenix.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997205; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3174 3175 3176, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for aws.haoxuan.xyz"; dns.query; content:"aws.haoxuan.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997206; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3241, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for home.tuankhaiit.com"; dns.query; content:"home.tuankhaiit.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997207; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3192, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vps.vokuev.org"; dns.query; content:"vps.vokuev.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997211; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3223, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ddns.l2h8.cn"; dns.query; content:"ddns.l2h8.cn"; nocase; fast_pattern; classtype:bad-unknown; sid:27997212; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3245, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for d4a0daf.online-server.cloud"; dns.query; content:"d4a0daf.online-server.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27997213; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3251, updated_at 2023_01_26;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for piekacz.pl"; dns.query; content:"piekacz.pl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997214; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3303, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for fcpsunleashed.org"; dns.query; content:"fcpsunleashed.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997215; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3297 3298 3299, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.l.ovpn.bond"; dns.query; content:"dns.l.ovpn.bond"; nocase; fast_pattern; classtype:bad-unknown; sid:27997216; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3268, updated_at 2023_01_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns0.l.ovpn.bond"; dns.query; content:"ns0.l.ovpn.bond"; nocase; fast_pattern; classtype:bad-unknown; sid:27997217; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3268, updated_at 2023_01_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard01.wydler.eu"; dns.query; content:"adguard01.wydler.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997226; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3323, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ss.0rz.space"; dns.query; content:"ss.0rz.space"; nocase; fast_pattern; classtype:bad-unknown; sid:27997230; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3409, updated_at 2023_01_27;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for tjucker-ch.internet-box.ch"; dns.query; content:"tjucker-ch.internet-box.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27997232; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3367, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for node.thierryserver.nl"; dns.query; content:"node.thierryserver.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997233; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3391, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for meudns.minhacasainteligente.cf"; dns.query; content:"meudns.minhacasainteligente.cf"; nocase; fast_pattern; classtype:bad-unknown; sid:27997234; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3344 3345 3346 3347, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ggrbb.xyz"; dns.query; content:"ggrbb.xyz"; nocase; fast_pattern; classtype:bad-unknown; sid:27997241; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3456, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cerebro.harrache.info"; dns.query; content:"cerebro.harrache.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997242; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2653, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ns1.95997.ip-ns.net"; dns.query; content:"ns1.95997.ip-ns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997249; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3466, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for cattery2.eastasia.cloudapp.azure.com"; dns.query; content:"cattery2.eastasia.cloudapp.azure.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997250; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3473, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rdjcloud.duckdns.org"; dns.query; content:"rdjcloud.duckdns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997251; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3474, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for q3i6k7j3.stackpathcdn.com"; dns.query; content:"q3i6k7j3.stackpathcdn.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997252; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3476, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freebox.sillundil.ovh"; dns.query; content:"freebox.sillundil.ovh"; nocase; fast_pattern; classtype:bad-unknown; sid:27997253; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3512, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for sitdns.com"; dns.query; content:"sitdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997254; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3487, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for c4c707e5-73cd-4272-9f05-0cf16c39e48a.pub.instances.scw.cloud"; dns.query; content:"c4c707e5-73cd-4272-9f05-0cf16c39e48a.pub.instances.scw.cloud"; nocase; fast_pattern; classtype:bad-unknown; sid:27997255; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3545, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for chlaebi.synology.me"; dns.query; content:"chlaebi.synology.me"; nocase; fast_pattern; classtype:bad-unknown; sid:27997256; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3543, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for ora1.nocnik.org"; dns.query; content:"ora1.nocnik.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997257; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3579, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for vmd45200.contabo.wallura.eu"; dns.query; content:"vmd45200.contabo.wallura.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997258; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3570, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eddi.usgovtrafficmanager.net"; dns.query; content:"eddi.usgovtrafficmanager.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997259; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2020, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for s.justlife.fun"; dns.query; content:"s.justlife.fun"; nocase; fast_pattern; classtype:bad-unknown; sid:27997260; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3571, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dpeddi.myddns.com"; dns.query; content:"dpeddi.myddns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997261; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3801, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for pixie.porkbun.com"; dns.query; content:"pixie.porkbun.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997270; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2976, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for onlyfriends.info"; dns.query; content:"onlyfriends.info"; nocase; fast_pattern; classtype:bad-unknown; sid:27997274; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2230, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for keeflix.chenu.ch"; dns.query; content:"keeflix.chenu.ch"; nocase; fast_pattern; classtype:bad-unknown; sid:27997275; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4192, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for qbak.no-ip.eu"; dns.query; content:"qbak.no-ip.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997276; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4204 4205, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for jo2hchbwidzdfsoi.myfritz.net"; dns.query; content:"jo2hchbwidzdfsoi.myfritz.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997278; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4224, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsadguard.co.uk"; dns.query; content:"dnsadguard.co.uk"; nocase; fast_pattern; classtype:bad-unknown; sid:27997279; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4252, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for rassadnikov.ru"; dns.query; content:"rassadnikov.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27997280; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3470, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for amd1.sjp.loukky.com"; dns.query; content:"amd1.sjp.loukky.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997282; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4367, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for xxxxxxxxx.gq"; dns.query; content:"xxxxxxxxx.gq"; nocase; fast_pattern; classtype:bad-unknown; sid:27997283; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3371, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for adguard1.njy.jsanagustin.net"; dns.query; content:"adguard1.njy.jsanagustin.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997284; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4393, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.asdw.fun.cdn.cloudflare.net"; dns.query; content:"dns.asdw.fun.cdn.cloudflare.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997286; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4440, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for syd1.norgannetworks.net.au"; dns.query; content:"syd1.norgannetworks.net.au"; nocase; fast_pattern; classtype:bad-unknown; sid:27997287; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2966, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for mask-api.fe.apple-dns.net"; dns.query; content:"mask-api.fe.apple-dns.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997288; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4435, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for carioka.dyndns.org"; dns.query; content:"carioka.dyndns.org"; nocase; fast_pattern; classtype:bad-unknown; sid:27997289; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4438, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for server.pragmasec.nl"; dns.query; content:"server.pragmasec.nl"; nocase; fast_pattern; classtype:bad-unknown; sid:27997291; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 2769 2773, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for strata.gurupannu.com"; dns.query; content:"strata.gurupannu.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997293; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4507 4508 4509, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe.avastdns.com"; dns.query; content:"europe.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997295; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4498, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for europe-west.avastdns.com"; dns.query; content:"europe-west.avastdns.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997296; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4498, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dnsvps.porteii.com"; dns.query; content:"dnsvps.porteii.com"; nocase; fast_pattern; classtype:bad-unknown; sid:27997298; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4558, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dumbledore.steinr.eu"; dns.query; content:"dumbledore.steinr.eu"; nocase; fast_pattern; classtype:bad-unknown; sid:27997299; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 4567, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for freeside.wntrmute.net"; dns.query; content:"freeside.wntrmute.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997303; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 5018, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for dns.233py.com.cdn.cloudflare.net"; dns.query; content:"dns.233py.com.cdn.cloudflare.net"; nocase; fast_pattern; classtype:bad-unknown; sid:27997304; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 76, updated_at 2023_01_28;)
reject dns $HOME_NET any -> $EXTERNAL_NET 53 (msg:"(o)DoH Query for eaereaper.ru"; dns.query; content:"eaereaper.ru"; nocase; fast_pattern; classtype:bad-unknown; sid:27997305; flow:to_server; rev:1; metadata:affected_product Any, attack_target Client_Endpoint, database_domainlist_id(s) 3305, updated_at 2023_01_28;)