
Summary
This rule identifies and flags URLs in which an attacker pads the username field of the userinfo component to obscure the actual destination. The technique is common in phishing: the URL opens with a seemingly trustworthy domain, followed by an '@' symbol that separates the username from the real, malicious host. The detection requires 30 or more URL-encoded characters before the '@', since that amount of padding makes it difficult for a user to recognise where the link really leads. To reduce false positives, the rule excludes cases where the URL domain is 'google' and the path indicates a legitimate Google Maps query. Overall, the rule helps detect deceptive URLs that may lead to credential theft under the guise of familiar brands.
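The following script is an added example that reproduces the detection logic the summary describes; it is not the rule's own implementation. It assumes that "URL-encoded characters" means percent-encoded octets (%XX), that the check runs over the raw URL string (so a Google Maps URL, where the '@' precedes the map coordinates in the path, is seen by the same test), and that a path starting with /maps is what the rule means by a "Google Maps query". All sample URLs are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One percent-encoded octet, e.g. %20 or %C3 (assumption: this is what the
# rule counts as a "URL-encoded character").
PCT_RE = re.compile(r"%[0-9A-Fa-f]{2}")
MIN_ENCODED = 30  # threshold stated in the rule summary


@dataclass
class UserinfoCheck:
    url: str
    flagged: bool
    encoded_before_at: int  # percent-encoded octets found before the first '@'
    host: Optional[str]     # host the browser would actually connect to
    reason: str


def check_userinfo_padding(url: str, min_encoded: int = MIN_ENCODED) -> UserinfoCheck:
    """Flag a URL whose userinfo is padded with >= min_encoded encoded chars."""
    rest = url.split("://", 1)[1] if "://" in url else url
    if "@" not in rest:
        return UserinfoCheck(url, False, 0, None, "no '@' in URL")

    before_at = rest.split("@", 1)[0]
    encoded = len(PCT_RE.findall(before_at))

    # Authority is everything up to the first '/'; the real host is the part
    # after the last '@' in it (userinfo comes first), minus any port.
    authority = rest.split("/", 1)[0]
    path = rest[len(authority):]
    host = authority.rsplit("@", 1)[-1].split(":", 1)[0].lower()

    if encoded < min_encoded:
        return UserinfoCheck(
            url, False, encoded, host,
            f"fewer than {min_encoded} encoded characters before '@'")

    # False-positive exclusion from the rule: Google Maps place URLs carry a
    # percent-encoded place name followed by '@lat,lon,zoom' in the path.
    # (Assumption: a path beginning with /maps identifies such a query.)
    if "google" in host and path.startswith("/maps"):
        return UserinfoCheck(url, False, encoded, host, "google maps exclusion")

    return UserinfoCheck(url, True, encoded, host,
                         "padded userinfo hides the real destination host")


def scan(urls: List[str]) -> List[UserinfoCheck]:
    """Return the results for every URL that the rule would flag."""
    return [r for r in (check_userinfo_padding(u) for u in urls) if r.flagged]


# Constructed sample URLs (not taken from any real campaign).
PHISH = ("https://accounts.example-bank.com" + "%20" * 32
         + "@login-malicious.example/verify")           # 32 encoded, flagged
MAPS = ("https://www.google.com/maps/place/"
        + "%20".join(["Caf%C3%A9"] * 12)                # 24 + 11 = 35 encoded
        + "/@37.42,-122.08,17z")                        # excluded by rule
SHORT = "https://user%20name@files.example.com/report.pdf"  # 1 encoded, below threshold
BENIGN = "https://mail.example.com/inbox?q=from%3Aalice%40example.com"  # no literal '@'

if __name__ == "__main__":
    for result in (check_userinfo_padding(u) for u in (PHISH, MAPS, SHORT, BENIGN)):
        print(f"flagged={result.flagged!s:5} encoded={result.encoded_before_at:3} "
              f"host={result.host} ({result.reason})")
```

When triaging a hit, the `host` field is the value worth acting on: it is the domain the browser actually resolves, regardless of the trusted-looking name at the start of the link.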
Categories
- Web
- Network
- Cloud
Data Sources
- Web Credential
- Network Traffic
Created: 2025-01-15