alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ADWARE_PUP Win32.Perinet CnC Checkin"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"/ceb.aspx"; endswith; http.user_agent; content:"Mozila"; fast_pattern; bsize:6; http.header_names; content:!"Referer"; reference:md5,c1c94bd5effc12455d7d0fe22e29feb5; reference:url,www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA:Win32/Perion; classtype:pup-activity; sid:2034175; rev:1; metadata:created_at 2021_10_12, confidence High, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_10_12;)