What does the rule logic actually say? What host is under attack? Is it proxied?
yes the domain is proxied
I don’t believe
is in is doing what you expect. The lack of matching requests appears to confirm that. I’d start with a simple rule from the examples which matches some requests and then expand to a regular expression which covers multiple hosts.
i tried contains, equals both didnt work
https://example.com/* isn’t a path.