type.inbound
and any(body.links, .display_url.path == '/wp-login.php')
and regex.icontains(body.current_thread.text,
'[a-z]{5,10}\.blogspot\.[a-z.]{2,6}\s*-\s*\d[\d\s]*\s*(USD|EURO?)\s*BINANCE'
)
Playground
Test against your own EMLs or sample data.