Open Redirect: bangkoksync.com

Sublime Rules

Summary
This detection rule identifies open redirect vulnerabilities linked to the domain bangkoksync.com, which have been exploited in various phishing attacks. The rule analyzes incoming messages for hyperlinks that lead to this domain and inspects the URL structure for specific path segments and query parameters tied to open redirects. To reduce false positives, it excludes highly trusted sender domains unless they fail DMARC authentication checks, so that potentially harmful content is flagged while legitimate communications are not unduly disrupted. The rule aims to mitigate credential phishing and download links for malware or ransomware, using sender analysis and URL analysis as its main detection methods.
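
The dual check described above, sketched in Python as an added example (this is not the Sublime rule's own source). The path segment, query parameter and trusted-sender list are placeholders because the page does not list them, and the message fields are a constructed, simplified structure.

```python
from urllib.parse import urlsplit, parse_qs

REDIRECT_DOMAIN = "bangkoksync.com"
# Placeholders (assumptions): the page does not give the rule's path segments,
# query parameters or trusted-sender list.
REDIRECT_PATH_SEGMENT = "/placeholder-path/"
REDIRECT_PARAM = "placeholder_param"
HIGH_TRUST_SENDER_DOMAINS = {"trusted.example"}


def is_redirect_link(url):
    """True when a link is on the domain and has the redirect path and parameter."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Exact or subdomain match only, so lookalike hosts are not counted.
    on_domain = host == REDIRECT_DOMAIN or host.endswith("." + REDIRECT_DOMAIN)
    query = parse_qs(parts.query, keep_blank_values=True)
    return on_domain and REDIRECT_PATH_SEGMENT in parts.path.lower() and REDIRECT_PARAM in query


def rule_matches(message):
    """Flag a message with a redirect link unless a trusted sender passed DMARC."""
    if not any(is_redirect_link(u) for u in message["links"]):
        return False
    trusted = message["sender_domain"].lower() in HIGH_TRUST_SENDER_DOMAINS
    # Trusted domains are exempt only when DMARC passed; a failure suggests spoofing.
    return not (trusted and message["dmarc_pass"])


# Constructed sample messages (simplified fields, not a real mail schema).
LINK = "https://bangkoksync.com/placeholder-path/go?placeholder_param=https://landing.example/"
SAMPLES = {
    "unknown sender": {"sender_domain": "mailer.example", "dmarc_pass": True, "links": [LINK]},
    "trusted, DMARC pass": {"sender_domain": "trusted.example", "dmarc_pass": True, "links": [LINK]},
    "trusted, DMARC fail": {"sender_domain": "trusted.example", "dmarc_pass": False, "links": [LINK]},
    "no redirect parameter": {"sender_domain": "mailer.example", "dmarc_pass": True,
                              "links": ["https://bangkoksync.com/about"]},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(f"{name}: {rule_matches(msg)}")
```
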
Categories
  • Web
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Web Credential
Created: 2025-05-30