Link: Multistage Landing - Abused Adobe frame.io

Sublime Rules

Summary
This detection rule identifies potentially malicious email messages that use Adobe's frame.io as a landing page. It focuses on messages whose sender address references frame.io but that lack proper sender identification, which makes them suspicious. It specifically targets shares whose subject contains terms indicating file sharing or document transfer, common lures in phishing attacks. The rule uses string matching and regular expressions to identify phrases commonly associated with phishing, such as 'shared' or 'important document', and references to popular file-sharing services such as Dropbox and OneDrive. It also analyzes the links embedded in the message body, looking for URLs that redirect to newly registered domains, free file hosts, or known phishing sites, and checks whether those URLs lead to captcha pages or other well-known evasion tactics. The combination of machine-learning link analysis and domain-age checking makes the detection method more complex and more robust against evolving phishing strategies.
Categories
  • Web
  • Identity Management
  • Endpoint
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
  • Process
Created: 2024-11-05