diff --git a/detection-rules/link_fake_thread_nlu_financial_request.yml b/detection-rules/link_fake_thread_nlu_financial_request.yml
index 6531d54e6b2..621035b06db 100644
--- a/detection-rules/link_fake_thread_nlu_financial_request.yml
+++ b/detection-rules/link_fake_thread_nlu_financial_request.yml
@@ -5,11 +5,6 @@ severity: "medium"
 source: |
 type.inbound
 and length(body.links) < 10
- // suspicious link
- and any(body.links,
- .href_url.domain.root_domain not in $tranco_1m
- and .href_url.domain.domain not in $umbrella_1m
- )
 // fake thread check
 and (strings.istarts_with(subject.subject, "RE:") or strings.istarts_with(subject.subject, "FWD:"))