
Summary
This detection rule identifies HTML files that contain links with a suspicious pattern in the fragment section of the URL. Specifically, it looks for URLs whose path ends in '.html' and whose fragment is an alphanumeric string that ends in a 5-digit binary string (a sequence of 0s and 1s). Such patterns are frequently used in malicious URL schemes, particularly credential phishing attacks, where attackers use obfuscated links to trick users into entering sensitive information. The rule applies to inbound data types and uses a regex to analyze the structure of the URL fragments.
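The following is an added example, not the rule's own code, showing one way to implement the check described above: extract href values from an HTML file and test each against a regex for the '.html' path plus a fragment ending in five binary digits. The regex and the sample HTML are assumptions constructed for this illustration; the page does not show the rule's exact expression.

```python
import re
from html.parser import HTMLParser

# Assumed regex (the page does not show the rule's exact expression):
# the path ends in ".html", a fragment follows, and the fragment is
# alphanumeric with its last five characters all 0 or 1.
SUSPICIOUS_FRAGMENT = re.compile(r"\.html#[A-Za-z0-9]*[01]{5}$")


class LinkExtractor(HTMLParser):
    """Collect href values from <a> tags in an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "a":
            return
        for name, value in attrs:
            if name.lower() == "href" and value:
                self.links.append(value.strip())


def extract_links(html):
    """Return every href found in <a> tags, in document order."""
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def is_suspicious_link(url):
    """True if the URL matches the '.html' + binary-suffix fragment pattern."""
    return SUSPICIOUS_FRAGMENT.search(url) is not None


def find_suspicious_links(html):
    """Run the detection over an HTML file and return the matching hrefs."""
    return [u for u in extract_links(html) if is_suspicious_link(u)]


# Constructed sample attachment: two links match the pattern, two do not.
SAMPLE_HTML = """
<html><body>
<a href="https://example.invalid/login.html#a7Bx01101">Sign in</a>
<a href="https://example.invalid/index.html#section2">Help</a>
<a href="https://example.invalid/view.php#x00110">Viewer</a>
<a href="https://example.invalid/reset.html#Zq9u10010">Reset password</a>
</body></html>
"""

if __name__ == "__main__":
    for link in find_suspicious_links(SAMPLE_HTML):
        print("suspicious fragment:", link)
```

A plain anchor such as `#section2` or a non-HTML path such as `view.php` does not match, so the regex alone is a narrow indicator; a legitimate anchor that happens to end in five 0s and 1s would still fire, which is why the rule is scoped to inbound data rather than applied to every link in every file.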
Categories
- Web
- Cloud
- Application
Data Sources
- Web Credential
- Network Traffic
Created: 2026-01-30