Open Redirect: fenc.com

Sublime Rules

Summary
This detection rule identifies messages that contain links to the domain 'fenc.com' which abuse an open redirect vulnerability. If exploited, such a vulnerability sends users to an attacker-chosen site, a technique commonly used in phishing. The rule checks for 'fenc.com' links with specific URL patterns, particularly redirector mechanisms that can send a user elsewhere without their consent. The criteria include checking the domain, path, and query parameters of the URLs in the message body and confirming that the redirect target does not point back to 'fenc.com'. The rule also incorporates sender analysis: links are flagged when they come from users or senders outside a high-trust network, or from senders whose messages have shown malicious intent in the past. Monitoring and mitigating such vulnerabilities matters because they can lead to serious attacks, including credential theft and malware distribution.
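An added, illustrative Python approximation of the checks the summary describes (not the rule's own MQL, which lives in the Sublime Rules source): it extracts fenc.com links whose redirect parameter points to a different domain and applies the sender-trust condition. The redirector parameter names, the high-trust and prior-malicious sender sets, and the sample message are assumptions made for this example.

```python
import re
from urllib.parse import urlparse, parse_qs

REDIRECT_DOMAIN = "fenc.com"
# Assumed redirector parameter names; the real rule's URL patterns live in the
# Sublime Rules source and are not reproduced here.
REDIRECT_PARAMS = ("url", "redirect", "redir", "u", "target", "goto")
URL_RE = re.compile(r"""https?://[^\s<>"']+""")

def registered_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); enough for this example, not for production."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def open_redirect_links(body: str) -> list[tuple[str, str]]:
    """Return (link, target) pairs where a fenc.com link bounces to another domain."""
    findings = []
    for link in URL_RE.findall(body):
        link = link.rstrip(".,;)")            # drop trailing sentence punctuation
        parsed = urlparse(link)
        if registered_domain(parsed.hostname or "") != REDIRECT_DOMAIN:
            continue                          # not a fenc.com link at all
        for name in REDIRECT_PARAMS:
            for target in parse_qs(parsed.query).get(name, []):
                tp = urlparse(target)
                # A target that stays on fenc.com is not an off-domain redirect
                if tp.scheme in ("http", "https") and \
                        registered_domain(tp.hostname or "") != REDIRECT_DOMAIN:
                    findings.append((link, target))
    return findings

def should_flag(body: str, sender: str, high_trust_domains: set[str],
                prior_malicious_senders: set[str]) -> bool:
    """Sender logic as the summary describes it: a redirecting fenc.com link is flagged
    when the sender is outside the high-trust set or has sent malicious mail before."""
    if not open_redirect_links(body):
        return False
    sender = sender.lower()
    return (sender.split("@")[-1] not in high_trust_domains
            or sender in prior_malicious_senders)

# Constructed sample message body (not from a real campaign)
SAMPLE_BODY = (
    "Your shared file is ready: "
    "https://www.fenc.com/redirect?url=https://login-verify.example/auth. "
    "Need help? https://fenc.com/go?url=https://fenc.com/support"
)

if __name__ == "__main__":
    for link, target in open_redirect_links(SAMPLE_BODY):
        print(f"off-domain redirect via {link} -> {target}")
```

The second sample link redirects back to fenc.com and is deliberately not reported, mirroring the rule's exclusion of targets that stay on the domain.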
Categories
  • Web
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2024-10-08