alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO HTTP Request for FixMe.IT / Techinline Remote Access Tool"; flow:established,to_server; http.host; dotprefix; content:".techinline.net"; endswith; threshold:type limit, count 1, seconds 300, track by_src; classtype:misc-activity; sid:2049868; rev:1; metadata:attack_target Client_and_Server, created_at 2023_12_29, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Informational, tag RemoteAccessTool, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_12_29;)