Link: Suspicious URL path with binary character sequence

Sublime Rules

Summary
Technical summary: This rule detects inbound messages containing a link whose URL path matches a narrowly defined suspicious pattern. The pattern is anchored to the whole path and requires: a leading slash, a single digit, an uppercase letter, a run of lowercase alphanumeric characters, a hyphen, another run of lowercase alphanumeric characters, and exactly five trailing binary digits (0 or 1). The regex is ^\/[0-9][A-Z][a-z0-9]+\-[a-z0-9]+[01]{5}$, applied to the href_url.path of every link in the inbound message body; if any link's path matches, the rule triggers with medium severity. It aligns with Credential Phishing tactics by flagging obfuscated or binary-like link components used to slip past simple URL filtering, and with Evasion techniques by relying on a narrowly scoped URL path signature that generic keyword- or host-based filters may not catch. The detection method is URL analysis, and the attack type is phishing-oriented abuse in which a crafted link leads to credential harvesting or malicious payload delivery. Because the rule inspects only the path, not the hostname or query string, correlating hits with host reputation or page content would improve accuracy. The signature is precise but may produce false positives where legitimate services use similarly structured paths, and it will miss variants that do not end in the exact five-digit binary suffix.
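The following added example (not part of the Sublime rule or its source) re-implements the path check in Python over constructed sample hrefs, so an analyst can see which paths the regex does and does not match, including the edge that the rule ignores host and query string and that it requires at least one character between the hyphen and the five binary digits. The hostnames and paths are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Path pattern copied verbatim from the rule; it is applied to the URL path only,
# exactly as the rule applies it to href_url.path (host and query are not inspected).
SUSPICIOUS_PATH = re.compile(r"^\/[0-9][A-Z][a-z0-9]+\-[a-z0-9]+[01]{5}$")


def path_matches(href: str) -> bool:
    """Return True when the path component of `href` matches the rule's pattern."""
    return SUSPICIOUS_PATH.match(urlparse(href).path) is not None


def flag_links(links):
    """Emulate the rule over one message: return every href whose path matches.
    A non-empty result corresponds to the rule triggering (medium severity)."""
    return [href for href in links if path_matches(href)]


# Constructed sample links (hypothetical hosts, not taken from any real campaign).
SAMPLE_LINKS = [
    "https://example.test/3Kabc12-xyz01101",      # match: digit, upper, run, '-', run, 5 binary
    "https://example.test/3Kabc12-a01101?u=1",    # match: query string is ignored
    "https://known-good.test/3Kabc12-xyz01101",   # match: host reputation is not consulted
    "https://example.test/3kabc12-xyz01101",      # no: second character must be uppercase
    "https://example.test/3Kabc12-xyz0110",       # no: only four trailing binary digits
    "https://example.test/3Kabc12-xyz01102",      # no: last character is not 0 or 1
    "https://example.test/3Kabc12-01101",         # no: needs >= 1 char before the 5 digits
    "https://example.test/3Kabc12-xyz01101/",     # no: pattern is anchored to end of path
]

if __name__ == "__main__":
    for href in SAMPLE_LINKS:
        print(f"{'HIT ' if path_matches(href) else 'miss'} {href}")
```

The third sample shows why the summary recommends correlating hits with host reputation: the rule alone fires on any host whose path fits the pattern.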
Categories
  • Web
Data Sources
  • Application Log
Created: 2026-04-28