Detects inbound messages that contain hyperlinks to HTML files hosted on Linode Objects (linodeobjects.com). This pattern is commonly used to host malicious content or to bypass security controls by leveraging legitimate cloud storage infrastructure. The rule scans inbound message bodies and flags any link where the URL's root domain is linodeobjects.com and the path ends with .html. Triggering signals include the combination of a web link in an inbound thread and the specific HTML file indicator, which is often associated with phishing or malware delivery campaigns that rely on hosted content. While effective for spotting this specific abuse pattern, it may miss non-HTML payloads or links to other hosting providers, and legitimate Linode-hosted pages may generate false positives if not contextualized with additional indicators (e.g., user behavior, attachment presence, or known-good domains).