
Attachment: PDF with self-service platform links with self sender or blank recipients
Sublime Rules
Summary
Detects inbound emails that include a single-page PDF attachment containing URLs to self-service content creation platforms, sent to the sender's own address or to an invalid recipient domain. The rule requires exactly one recipient, a single attachment that is a 1-page PDF (per EXIF data), and 1–3 URLs within the PDF. All URLs must resolve to domains in the predefined self-service platform domain set. Known benign exceptions (e.g., certain pdf-tools or specific gamma links) are excluded. This pattern may indicate testing of malicious content or preparation for distribution, aligning with BEC/Fraud and credential phishing scenarios.
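The conditions in the summary, written out as a Python predicate over a pre-parsed message. This is an added example, not the Sublime rule's own source. The message schema, the `domain_valid` flag, the contents of the domain set, the exclusion prefix and the subdomain matching are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the rule's predefined self-service platform domain set.
SELF_SERVICE_DOMAINS = {"builder.example", "forms.example"}
# Constructed stand-in for the known-benign exclusions the summary mentions.
BENIGN_URL_PREFIXES = ("https://builder.example/pdf-tools/",)


def _host_in_set(url, domains):
    """True when the URL host is a listed domain or a subdomain of one (assumed matching)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def matches_rule(msg):
    """Apply the summary's conditions to a pre-parsed message (hypothetical schema)."""
    if msg.get("direction") != "inbound":
        return False
    recipients = msg.get("recipients", [])
    if len(recipients) != 1:                      # exactly one recipient
        return False
    rcpt = recipients[0]
    self_sent = rcpt["address"].lower() == msg["sender"].lower()
    if not (self_sent or not rcpt["domain_valid"]):
        return False                              # neither self-sent nor invalid domain
    attachments = msg.get("attachments", [])
    if len(attachments) != 1:                     # a single attachment
        return False
    pdf = attachments[0]
    if pdf["file_type"] != "pdf" or pdf["exif_page_count"] != 1:
        return False                              # must be a 1-page PDF per EXIF data
    urls = pdf["urls"]
    if not 1 <= len(urls) <= 3:                   # 1-3 URLs inside the PDF
        return False
    if any(u.startswith(BENIGN_URL_PREFIXES) for u in urls):
        return False                              # known benign exception
    return all(_host_in_set(u, SELF_SERVICE_DOMAINS) for u in urls)


# Constructed sample: self-addressed, one 1-page PDF, one URL on a listed platform.
SAMPLE = {
    "direction": "inbound",
    "sender": "user@corp.example",
    "recipients": [{"address": "user@corp.example", "domain_valid": True}],
    "attachments": [{"file_type": "pdf", "exif_page_count": 1,
                     "urls": ["https://site.builder.example/view/abc"]}],
}
```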
Categories
- Endpoint
- Network
Data Sources
- File
- Network Traffic
Created: 2026-06-10