Lot of entries, what now?

Hi,

well, those are “only” informational IPS hits. .biz domains tend to be suspicious, but your mileage might vary.

You could try tracing down those queries by searching IPFire’s DHCP server logs for active clients within that time range, and asking the users of those device(s) if they queried any .biz domain.

If those rules create too much noise, you might want to disable them. The informational category needs to be selected carefully in general, as it needs to be heavily customised to your environment in order not to cause too many false positives.

Thanks, and best regards,
Peter Müller

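To make the DHCP-log check above concrete, here is an added example (not from the original post and not IPFire's own code): it parses ISC dhcpd `DHCPACK` syslog lines, which is the format assumed for IPFire's DHCP server log, and lists which clients held a lease during the time window of the IPS hits, so their users can be asked about the .biz queries. The log lines, the window and the one-hour lease time are all constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of ISC dhcpd syslog lines (the format assumed for the
# IPFire DHCP server log); these are not real captures.
DHCP_LOG = """\
Mar  3 08:55:10 ipfire dhcpd: DHCPACK on 192.168.0.23 to 00:11:22:33:44:55 (laptop-anna) via green0
Mar  3 09:02:41 ipfire dhcpd: DHCPACK on 192.168.0.57 to 66:77:88:99:aa:bb (phone-bob) via blue0
Mar  3 09:40:05 ipfire dhcpd: DHCPACK on 192.168.0.23 to 00:11:22:33:44:55 (laptop-anna) via green0
Mar  3 11:12:19 ipfire dhcpd: DHCPACK on 192.168.0.80 to cc:dd:ee:ff:00:11 via green0
"""

# DHCPACK line: syslog timestamp, host, then "DHCPACK on <ip> to <mac> [(hostname)] via <iface>"
DHCPACK = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ dhcpd: DHCPACK on (?P<ip>\S+) "
    r"to (?P<mac>[0-9a-fA-F:]{17})(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


def parse_ack(line, year):
    """Return (timestamp, ip, mac, hostname, iface) for a DHCPACK line, else None.
    Syslog lines carry no year, so the caller supplies it."""
    m = DHCPACK.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["mac"], m["host"] or "", m["iface"]


def active_clients(dhcp_text, window_start, window_end, lease_seconds):
    """Map ip -> (mac, hostname, iface) for every client whose lease
    (ACK time .. ACK time + lease_seconds) overlaps the window of the IPS hits.
    Window bounds are ISO strings ("2024-03-03 09:30:00"); only the newest
    qualifying ACK per IP is kept."""
    start, end = datetime.fromisoformat(window_start), datetime.fromisoformat(window_end)
    lease = timedelta(seconds=lease_seconds)
    newest = {}
    for line in dhcp_text.splitlines():
        rec = parse_ack(line, start.year)  # syslog has no year; take it from the window
        if rec is None:
            continue
        ts, ip, mac, host, iface = rec
        if ts <= end and ts + lease >= start:
            if ip not in newest or ts > newest[ip][0]:
                newest[ip] = (ts, mac, host, iface)
    return {ip: v[1:] for ip, v in sorted(newest.items())}


if __name__ == "__main__":
    # Constructed window: IPS hits seen between 09:30 and 10:00; 1 h lease assumed.
    for ip, (mac, host, iface) in active_clients(
            DHCP_LOG, "2024-03-03 09:30:00", "2024-03-03 10:00:00", 3600).items():
        print(f"{ip:<15} {mac}  {host or '(no hostname)':<16} via {iface}")
```

Feeding it the real log export (and the lease time configured on the DHCP page) narrows the .biz queries down to the handful of devices that were actually online in that window.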