NF – Bad TLD domain – solutions DNS query – Check domains

This alert is triggered when a DNS query from the internal network attempts to resolve a domain under the .solutions TLD, which is sometimes linked to phishing activity.

Categories:

ID Number

5017824

Signature

alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"NF - Bad TLD domain - solutions DNS query - Check domains"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|09|solutions|00|"; fast_pattern; nocase; distance:0; reference:url,networkforensic.dk; metadata:22092016; classtype:bad-unknown; sid:5017824; rev:2;)
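
The signature's two content matches, replayed in Python against constructed DNS query payloads to show which queries raise this alert (an added example, not part of the original rule page). `build_query`, `rule_matches` and the sample domain names are hypothetical and constructed for illustration.

```python
import struct

# First content match: flags 0x0100 (standard query, RD set), QDCOUNT=1,
# ANCOUNT=0, NSCOUNT=0, ARCOUNT=0. offset:2 skips the transaction ID and
# depth:10 pins the match to bytes 2..11 of the UDP payload.
HEADER = bytes.fromhex("01000001000000000000")
# Second content match: length-prefixed label "solutions" followed by the root
# label, so it only matches when "solutions" is the last label of the name.
TLD = b"\x09solutions\x00"

def build_query(name, txid=0x1234, flags=0x0100, arcount=0):
    """Build a constructed DNS A query (UDP payload only) for testing."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    pkt = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, arcount)
    pkt += qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if arcount:
        # Minimal EDNS0 OPT record: root name, type 41, UDP size 1232, no options
        pkt += b"\x00" + struct.pack(">HHIH", 41, 1232, 0, 0)
    return pkt

def rule_matches(payload):
    """Emulate the rule's content checks on a UDP payload sent to port 53."""
    if payload[2:12] != HEADER:          # offset:2; depth:10
        return False
    return TLD in payload[12:].lower()   # distance:0; nocase

def coverage():
    """Return (description, alert raised?) for a set of constructed queries."""
    samples = [
        ("plain query, .solutions TLD", build_query("portal.example.solutions")),
        ("upper-case name (nocase)", build_query("PORTAL.EXAMPLE.SOLUTIONS")),
        ("'solutions' as a subdomain label", build_query("solutions.example.com")),
        ("EDNS0 query, ARCOUNT=1", build_query("portal.example.solutions", arcount=1)),
        ("AD flag set, flags=0x0120", build_query("portal.example.solutions", flags=0x0120)),
    ]
    return [(desc, rule_matches(pkt)) for desc, pkt in samples]

if __name__ == "__main__":
    for desc, hit in coverage():
        print(f"{'ALERT' if hit else 'no alert':9} {desc}")
```

Because the header match fixes the flags and all four counters, only queries with exactly those header bytes are covered; the last two samples show queries to the same TLD that this signature does not flag.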

Severity

Low

Recommendations/Investigative actions

Identify which device initiated the DNS request to determine if it’s expected or unauthorized. Check if the queried domain is malicious. Investigate the initiating device for signs of phishing, malware, or other suspicious activities. Block further DNS requests to .solutions if the domains are unnecessary.