Open Redirect: chkc.com.hk

Sublime Rules

Summary
This detection rule identifies messages that abuse an open redirect on the domain chkc.com.hk. Open redirects are a significant attack vector: the link shows a legitimate hostname while a redirect parameter carries the real destination, which makes them useful for credential phishing and malware delivery. The rule matches messages containing a link whose root domain is chkc.com.hk, whose path contains 'ViewSwitcher/SwitchView', and whose query string contains 'returnUrl=', the parameter that carries the redirect target. It then applies sender profile analysis, firing only when the message is unsolicited or the sender's profile has previously been determined malicious with no recorded false positives. Messages from highly trusted sender domains are exempted unless they fail DMARC authentication, so a spoofed trusted sender is still caught. The severity is medium because a matching link sends the user directly to an attacker-chosen site.
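The following is an added example, not the rule's own source (the real rule is written in Sublime's MQL and is not reproduced here). It re-implements the logic summarised above in Python: the link pattern on chkc.com.hk, then the sender-profile and DMARC gating. The profile field names, the HIGH_TRUST_SENDER_ROOT_DOMAINS list and all sample messages are constructed for illustration.

```python
"""Added example: Python re-implementation of the detection logic summarised
above. Not the rule's MQL source; field names and samples are constructed."""
import html
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

TARGET_ROOT_DOMAIN = "chkc.com.hk"
PATH_MARKER = "viewswitcher/switchview"     # compared case-insensitively
REDIRECT_PARAM = "returnurl"                # compared case-insensitively

# Hypothetical stand-in for a list of highly trusted sender root domains.
HIGH_TRUST_SENDER_ROOT_DOMAINS = {"example-trusted.com"}

HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


@dataclass
class SenderProfile:
    solicited: bool               # recipient has previously interacted with the sender
    any_messages_malicious: bool  # sender was previously flagged as malicious or spam
    any_false_positives: bool     # an earlier flag on this sender was overturned


@dataclass
class Message:
    sender_root_domain: str
    dmarc_pass: bool
    html_body: str
    profile: SenderProfile


def is_open_redirect_link(url: str) -> Optional[str]:
    """Return the redirect target when `url` matches the chkc.com.hk pattern, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Root-domain check: the host must be chkc.com.hk or a subdomain of it, so
    # look-alikes such as chkc.com.hk.evil.example do not qualify.
    if host != TARGET_ROOT_DOMAIN and not host.endswith("." + TARGET_ROOT_DOMAIN):
        return None
    if PATH_MARKER not in parts.path.lower():
        return None
    # parse_qs percent-decodes values, so an encoded https%3A%2F%2F target is readable.
    params = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if REDIRECT_PARAM not in params:
        return None
    return params[REDIRECT_PARAM][0]


def redirect_targets(html_body: str) -> List[str]:
    """Collect redirect targets from every href in an HTML body."""
    targets = []
    for href in HREF_RE.findall(html_body):
        target = is_open_redirect_link(html.unescape(href))
        if target is not None:
            targets.append(target)
    return targets


def rule_matches(msg: Message) -> bool:
    """Apply the link pattern, then the sender-profile and DMARC gating."""
    if not redirect_targets(msg.html_body):
        return False
    p = msg.profile
    sender_suspicious = (not p.solicited) or (
        p.any_messages_malicious and not p.any_false_positives
    )
    if not sender_suspicious:
        return False
    # Highly trusted sender domains are exempt only while DMARC passes.
    if msg.sender_root_domain in HIGH_TRUST_SENDER_ROOT_DOMAINS and msg.dmarc_pass:
        return False
    return True


# Constructed sample messages (not real mail).
_REDIRECT_LINK = (
    "https://chkc.com.hk/ViewSwitcher/SwitchView"
    "?mobile=false&amp;returnUrl=https%3A%2F%2Fevil.example%2Flogin"
)
_UNKNOWN = SenderProfile(solicited=False, any_messages_malicious=False, any_false_positives=False)
_KNOWN = SenderProfile(solicited=True, any_messages_malicious=False, any_false_positives=False)
SAMPLES: Dict[str, Message] = {
    "phish_unsolicited": Message("random-sender.example", True,
        f'<p>Mailbox full. <a href="{_REDIRECT_LINK}">Fix it</a></p>', _UNKNOWN),
    "benign_link": Message("random-sender.example", True,
        '<a href="https://chkc.com.hk/about">About</a>', _UNKNOWN),
    "solicited_clean_sender": Message("random-sender.example", True,
        f'<a href="{_REDIRECT_LINK}">Open</a>', _KNOWN),
    "trusted_dmarc_pass": Message("example-trusted.com", True,
        f'<a href="{_REDIRECT_LINK}">Open</a>', _UNKNOWN),
    "trusted_dmarc_fail": Message("example-trusted.com", False,
        f'<a href="{_REDIRECT_LINK}">Open</a>', _UNKNOWN),
}


def evaluate_samples() -> Dict[str, bool]:
    return {name: rule_matches(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:24s} {'MATCH' if hit else 'no match'}")
```

Only the "phish_unsolicited" and "trusted_dmarc_fail" samples fire: the first has the redirect link from an unknown sender, the second has the same link from a trusted domain that failed DMARC. A known, previously clean sender and a trusted domain that passes DMARC are both suppressed even though the link matches, which is the false-positive control the summary describes.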
Categories
  • Web
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Network Traffic
  • Web Credential
Created: 2024-08-22