
Summary
This detection rule identifies clients performing DNS lookups for domains associated with cryptocurrency mining pools. It reads Zeek DNS query logs and flags requests whose queried name ends with one of a list of known mining pool domains, such as 'monerohash.com' and 'minergate.com'. To reduce false positives, two kinds of events are excluded: queries whose answers contain a local or null address such as '127.0.0.1' (which indicates the name was blocked or sinkholed by a hosts-file entry or DNS filtering rather than actually resolved), and queries that Zeek marked as rejected, so only lookups that produced a real resolution are reported. A hit is evidence of intent, not proof of mining: the client should be triaged on the endpoint (the process making the connection, sustained CPU usage, persistence), and the rule cannot see lookups that bypass the monitored resolver, for example over DNS over HTTPS. The domain list also needs periodic maintenance as pools change names. Unauthorized mining consumes CPU and power and frequently indicates a compromised host or an unwanted application on the network.
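The following is an added example, not part of the rule or its source project, that runs the detection logic described above over a few constructed Zeek dns.log records in JSON format. The domain list is a two-entry subset of the rule's much longer list, the sample addresses are documentation ranges, and the record field names follow Zeek's standard dns.log schema (query, answers, rejected, id.orig_h). It also shows one caveat of suffix matching: a plain "endswith" test, which is what the rule expresses, matches 'notminergate.com' as well as 'pool.minergate.com'; the optional label_boundary flag demonstrates the stricter variant a practitioner may prefer.

```python
import json

# Subset of the rule's suffix list (the real rule carries many more domains).
MINING_POOL_SUFFIXES = ("monerohash.com", "minergate.com")

# Answers that indicate the name was blocked or sinkholed locally rather than resolved.
LOCAL_ANSWERS = ("127.0.0.1", "0.0.0.0", "::1")


def matches_suffix(query, suffixes=MINING_POOL_SUFFIXES, label_boundary=False):
    """Return True if the queried name ends with one of the pool domains.

    label_boundary=False reproduces a plain suffix match; label_boundary=True
    only matches the domain itself or one of its subdomains.
    """
    q = query.lower().rstrip(".")
    for suffix in suffixes:
        if label_boundary:
            if q == suffix or q.endswith("." + suffix):
                return True
        elif q.endswith(suffix):
            return True
    return False


def is_mining_pool_lookup(record, label_boundary=False):
    """Apply the rule: selection AND NOT (local/sinkhole answer OR rejected)."""
    query = record.get("query")
    if not query or not matches_suffix(query, label_boundary=label_boundary):
        return False
    # Rejected queries never produced a usable resolution.
    if record.get("rejected") is True:
        return False
    # A local or null answer means the name was blocked, not actually resolved.
    answers = record.get("answers") or []
    if any(answer in LOCAL_ANSWERS for answer in answers):
        return False
    return True


def scan_dns_log(lines, label_boundary=False):
    """Return (client, query, answers) for every record that matches the rule."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if is_mining_pool_lookup(record, label_boundary=label_boundary):
            hits.append((record.get("id.orig_h"), record["query"], record.get("answers", [])))
    return hits


# Constructed sample records in Zeek JSON dns.log form (not real traffic).
SAMPLE_DNS_LOG = [
    '{"ts":1629360000.1,"uid":"C1","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.53","query":"pool.minergate.com","rcode_name":"NOERROR","answers":["203.0.113.10"],"rejected":false}',
    '{"ts":1629360001.2,"uid":"C2","id.orig_h":"10.0.0.6","id.resp_h":"10.0.0.53","query":"monerohash.com","rcode_name":"NOERROR","answers":["127.0.0.1"],"rejected":false}',
    '{"ts":1629360002.3,"uid":"C3","id.orig_h":"10.0.0.7","id.resp_h":"10.0.0.53","query":"xmr.monerohash.com","rcode_name":"REFUSED","rejected":true}',
    '{"ts":1629360003.4,"uid":"C4","id.orig_h":"10.0.0.8","id.resp_h":"10.0.0.53","query":"notminergate.com","rcode_name":"NOERROR","answers":["198.51.100.5"],"rejected":false}',
    '{"ts":1629360004.5,"uid":"C5","id.orig_h":"10.0.0.9","id.resp_h":"10.0.0.53","query":"www.example.com","rcode_name":"NOERROR","answers":["192.0.2.1"],"rejected":false}',
]


if __name__ == "__main__":
    for client, query, answers in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} looked up {query} -> {answers}")
```

Running the block reports the lookup from 10.0.0.5 and, because of plain suffix semantics, the one for 'notminergate.com'; the sinkholed 'monerohash.com' query and the rejected 'xmr.monerohash.com' query are dropped by the two filters. Passing label_boundary=True to scan_dns_log removes the 'notminergate.com' false positive.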
Categories
- Network
- Endpoint
- Cloud
Data Sources
- Container
- Process
- Network Traffic
- File
Created: 2021-08-19