diff --git a/detection-rules/link_file_sharing_link_removed.yml b/detection-rules/link_file_sharing_link_removed.yml
new file mode 100644
index 00000000000..ba7cadccd98
--- /dev/null
+++ b/detection-rules/link_file_sharing_link_removed.yml
@@ -0,0 +1,34 @@
+name: "Link: File sharing link removed by provider"
+description: "This rule detects messages to file sharing hosts where the file or link has been removed by the provider. "
+type: "rule"
+severity: "medium"
+source: |
+ type.inbound
+ // No Recipients
+ and (
+ length(recipients.to) == 0
+ or all(recipients.to, .display_name == "Undisclosed recipients")
+ )
+ and length(recipients.cc) == 0
+ and length(recipients.bcc) == 0
+
+ and (
+ any(body.links,
+ any(file.explode(beta.linkanalysis(.).screenshot),
+ any([
+ "This shared file or folder link has been removed or is unavailable",
+ "This transfer has been deleted and is not available anymore",
+ "This item might not exist or is no longer available",
+ "the file you have requested does not exist",
+ "This file isn’t here anymore"
+ ], strings.icontains(..scan.ocr.raw, .))
+ )
+ )
+ )
+
+detection_methods:
+ - "Header analysis"
+ - "Optical Character Recognition"
+ - "URL analysis"
+ - "URL screenshot"
+id: "fc6e11e0-7db6-5366-9a9f-a107452da0f1"
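Review bot: The description says the rule targets file-sharing hosts, but the `any(body.links, …)` predicate screenshots and OCRs every link in the message with no restriction on where the link points, so a dead link on any site whose error page happens to contain one of these phrases (a generic 404 reading "the file you have requested does not exist", for instance) will fire, and every link in the message pays the cost of `beta.linkanalysis`. Gate each link before analysis with a predicate on `.href_url` (for example, its root domain must belong to the file-sharing providers these takedown phrases actually come from) and only then evaluate `file.explode(beta.linkanalysis(.).screenshot)`. The last phrase `"This file isn’t here anymore"` contains a curly apostrophe (U+2019), which OCR output may well render as a straight `'`; add the straight-quote variant `"This file isn't here anymore",` alongside it, or match on a fragment that avoids the apostrophe. Because `beta.linkanalysis` is a beta function, a comment above the call such as `// depends on a beta function; a silent drop in hits may mean the API changed` would help whoever triages this rule later.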