alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET ADWARE_PUP LNKR Request for LNKR js file M1"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/lnkr5.min.js"; endswith; fast_pattern; http.header_names; content:"User-Agent"; content:"Referer"; reference:url,securitytrails.com/blog/lnkr-malicious-browser-extension; classtype:pup-activity; sid:2027422; rev:5; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2019_06_03, deployment Perimeter, performance_impact Low, confidence High, signature_severity Minor, updated_at 2020_09_17;)