Link: Direct download of executable file

type.inbound
// the link leads to a direct download of an EXE file
and any(body.current_thread.links,
        strings.iends_with(.href_url.url, '.exe')
        and not .href_url.domain.root_domain == sender.email.domain.root_domain
        and not (
          .href_url.domain.root_domain in $tranco_10k
          // if the link is to a free_file_hosts that is in tracno, still match (bitbucket, githubusercontent, etc.)
          and not .href_url.domain.root_domain in $free_file_hosts
        )
)