Detects inbound messages whose HTML body contains a comment with exactly 24 hexadecimal characters. It covers two patterns: (1) a comment at the very start of the HTML containing a 24-hex token (e.g., <!-- a1b2c3d4e5f6a7b8c9d0e1f2 --> with optional whitespace), and (2) any HTML comment containing a 24-hex sequence, provided there are no IE conditional comments (i.e., no [if...]). This pattern targets embedded tokens used for evasion, tracking, or session identifiers hidden in HTML comments. The rule uses HTML content analysis (XPath to extract comments and regex on raw content) and applies to inbound messages with HTML bodies. It is labeled as low severity and aligned with evasion-type detections.