alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ADWARE_PUP Adware.PUQD Checkin"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/debug/Version/"; fast_pattern; startswith; content:"/trace/"; pcre:"/^\/debug\/Version\/\d_\d_\d_\d\d{1,2}?\/trace\/(?:mostrarFailed(?:EndLoading|ReadyState)|Get(?:XmlDataRequisites|BinaryData)|(?:DownloadRequisites|down_)Finish|Re(?:cievedXml|adyState)|PreDownloadRequisites|EndLoading|UserAdmin|Start)$/"; http.header_names; content:!"User-Agent|0d 0a|"; content:!"Referer|0d 0a|"; content:!"Accept|0d 0a|"; reference:md5,e44962d7dec79c09a767a1d3e8ce02d8; reference:url,www.virustotal.com/en/file/1a1ff0fc6af6f7922bae906728e1919957998157f3a0cf1f1a0d3292f0eecd85/analysis/; classtype:pup-activity; sid:2017945; rev:6; metadata:created_at 2014_01_08, signature_severity Minor, updated_at 2020_10_12;)