1. IP - Firewall - Filter Rules tab: the fasttrack rule should be disabled!
2. Your mangle rule that adds to an address list works better since v7 as a RAW rule. Simply do the same in the Raw tab.
3. Why do you use an address list? If you want to access some sites blocked by the ISP in your region by redirecting foreign traffic through another WAN connection (WireGuard VPN?), it's easier to do it another way.
There is a list generator:
You can generate your local country list.
Then create a Mangle rule which compares: if the source is your local network (e.g. 192.168.0.1/24) and the destination is NOT in the IP list of your country, then mark routing through the WireGuard VPN.
Important! Do not forget to add to this list:
1. The IP of your WireGuard VPN, to access it directly, as if it were local.
2. The IP range of your local network, e.g. 192.168.0.1/24, to access the local network directly, not trying to route it through the VPN.
Mid-range devices like the hEX S, 750Gr3 or hAP ac2 make this comparison through approx. 8000 records with no significant CPU usage!
I'm using this approach for over 1 year; speeds over 100 Mbit work fine.
Your approach of finding content is very slow.
If you add approx. 10 rules, CPU will be at 100%.
*Since TLS 1.3 this does not work anymore*:
If you still want to do it by content, a much faster way is to look up the TLS header.
See the "TLS Host" field in your picture #2.
Fortunately ALL sites use TLS nowadays.
The only drawback: the first time you access the site, you must use httpS://
PS - select the protocol in your picture #1 as "6 (tcp)".
Searching the rest for your task is useless.
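The country-list policy-routing setup described in the post above, written out as a RouterOS v7 CLI script. This is an added example, not the poster's configuration or anything from the thread. Assumed names and values: LAN 192.168.0.0/24 (the network form of the 192.168.0.1/24 the post mentions), WireGuard interface wireguard1 with a peer at the documentation address 203.0.113.10:51820, tunnel address 10.66.66.2/24, routing table via-wg and address list local-country. The two country ranges are constructed placeholders standing in for the generated list; the peer public key is a placeholder too.

```routeros
# Added example (not from the original post). All names, addresses and the
# placeholder country ranges below are assumptions; replace them with your own.

# 1. Disable the fasttrack rule, otherwise fasttracked packets bypass mangle
#    and the routing mark is never applied.
/ip firewall filter set [find action=fasttrack-connection] disabled=yes

# 2. Address list of your country's ranges (paste the generated list here),
#    plus the two entries that must stay direct: the WireGuard peer endpoint
#    and the LAN itself. 198.51.100.0/24 and 192.0.2.0/24 are placeholders.
/ip firewall address-list
add list=local-country address=198.51.100.0/24 comment="placeholder country range"
add list=local-country address=192.0.2.0/24 comment="placeholder country range"
add list=local-country address=203.0.113.10 comment="WireGuard peer endpoint, keep direct"
add list=local-country address=192.168.0.0/24 comment="LAN, keep direct"

# 3. WireGuard interface and peer. A private key is generated automatically
#    when none is given; the peer public key is a placeholder.
/interface wireguard add name=wireguard1 listen-port=13231
/interface wireguard peers add interface=wireguard1 \
    public-key="REPLACE_WITH_PEER_PUBLIC_KEY" \
    endpoint-address=203.0.113.10 endpoint-port=51820 \
    allowed-address=0.0.0.0/0 persistent-keepalive=25s
/ip address add address=10.66.66.2/24 interface=wireguard1

# 4. A separate routing table whose only route is the default via the tunnel.
#    In v7 the routing mark name must equal the routing table name.
/routing table add name=via-wg fib
/ip route add dst-address=0.0.0.0/0 gateway=wireguard1 routing-table=via-wg

# 5. The single mangle rule the post describes: LAN source AND destination
#    NOT in the country list -> mark routing into the tunnel table.
/ip firewall mangle add chain=prerouting src-address=192.168.0.0/24 \
    dst-address-list=!local-country action=mark-routing \
    new-routing-mark=via-wg passthrough=no \
    comment="foreign destinations via WireGuard"

# 6. Source NAT for traffic leaving through the tunnel.
/ip firewall nat add chain=srcnat out-interface=wireguard1 action=masquerade
```

Quick checks after applying it: `/ip route print where routing-table=via-wg` should show exactly the one default route; `/ip firewall mangle print stats` shows the rule's packet counter rising only for traffic to addresses outside the list; and `/tool traceroute 203.0.113.10` (the peer endpoint) must go out the normal WAN rather than into the tunnel, which is why that address sits in the list. The negated `dst-address-list` match is a single hash lookup per packet, which is what lets the ~8000-entry list run cheaply on the small devices the post names.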