
Summary
This rule detects messages that abuse an open redirect on the domain 'plasticsurgery.or.kr'. An open redirect lets an attacker hide a malicious destination behind a URL on a legitimate host: the link the recipient sees points at plasticsurgery.or.kr, but the site forwards the browser to whatever the attacker placed in a query parameter. The rule inspects the links in the body of inbound messages for the redirector pattern on that domain: a path of '/bbs/link.php' together with the query parameters 'code=' and 'url='. It only fires when the destination in 'url=' is not itself on plasticsurgery.or.kr, so internal links that legitimately pass through the redirector are not flagged and only redirects that leave the site are. The rule also checks the sender's root domain against a list of high-trust sender domains: mail from a sender on that list is flagged only when it fails DMARC authentication, which keeps genuine high-trust senders out of the results while still catching spoofed ones. The threats covered are Credential Phishing and Malware/Ransomware, the tactic is classified as open redirect, and the severity is medium, reflecting a real but not critical risk. Detection methods are sender analysis and URL analysis, applied to inbound email.
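The following is an added, constructed re-implementation of the logic described above in Python; it is not the rule's own code, and the high-trust sender list, the sample messages and the link targets in it are all made up for illustration. It parses each link in a message body, requires the '/bbs/link.php' path plus 'code=' and 'url=' on plasticsurgery.or.kr, treats the 'url=' value as a hit only when its host is not plasticsurgery.or.kr or a subdomain of it (so a look-alike such as plasticsurgery.or.kr.evil.example is still caught), and then applies the sender/DMARC condition.

```python
"""Constructed example of the open-redirect detection described above (not the rule's code)."""
import html
import re
from urllib.parse import parse_qs, urlparse

TARGET_DOMAIN = "plasticsurgery.or.kr"
REDIRECT_PATH = "/bbs/link.php"

# Assumed stand-in for the rule's high-trust sender list (constructed, not a real list).
HIGH_TRUST_SENDER_ROOT_DOMAINS = {"example.com", "bank.example"}

HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def host_in_domain(host, domain):
    """True if host is domain itself or a subdomain of it; plain suffix matches do not count."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def is_open_redirect_link(url):
    """True for http(s)://plasticsurgery.or.kr/bbs/link.php?code=...&url=<off-site destination>."""
    try:
        p = urlparse(url)
    except ValueError:
        return False
    if p.scheme not in ("http", "https") or not p.hostname:
        return False
    if not host_in_domain(p.hostname, TARGET_DOMAIN) or p.path != REDIRECT_PATH:
        return False
    # keep_blank_values so that an empty 'code=' still counts as the parameter being present
    q = parse_qs(p.query, keep_blank_values=True)
    if "code" not in q or "url" not in q:
        return False
    target = q["url"][0]  # parse_qs has already percent-decoded the value
    if not target.startswith("//") and "://" not in target:
        target = "http://" + target  # scheme-less values such as evil.example/path
    t = urlparse(target)
    if not t.hostname:
        return False  # a relative path stays on the site; not an open redirect
    return not host_in_domain(t.hostname, TARGET_DOMAIN)


def sender_condition(sender_root_domain, dmarc_pass):
    """Fire for any sender not on the high-trust list; for high-trust senders only if DMARC failed."""
    return sender_root_domain.lower() not in HIGH_TRUST_SENDER_ROOT_DOMAINS or not dmarc_pass


def evaluate(message):
    """Return the flagged links in a message dict (empty list means the rule does not fire)."""
    links = [html.unescape(u) for u in HREF_RE.findall(message["body_html"])]
    hits = [u for u in links if is_open_redirect_link(u)]
    if hits and sender_condition(message["sender_root_domain"], message["dmarc_pass"]):
        return hits
    return []


# Constructed sample links and messages; none of these are real mail or real destinations.
PHISH_LINK = ("https://plasticsurgery.or.kr/bbs/link.php"
              "?code=notice&url=https%3A%2F%2Flogin.example.net%2Fsso")
INTERNAL_LINK = ("https://plasticsurgery.or.kr/bbs/link.php"
                 "?code=notice&url=https%3A%2F%2Fwww.plasticsurgery.or.kr%2Fbbs%2Fboard.php")
LOOKALIKE_LINK = ("https://plasticsurgery.or.kr/bbs/link.php"
                  "?code=notice&url=https%3A%2F%2Fplasticsurgery.or.kr.evil.example%2F")


def _msg(link, sender="random-sender.example", dmarc_pass=False):
    body = '<p>Your document is ready: <a href="%s">View document</a></p>' % html.escape(link)
    return {"sender_root_domain": sender, "dmarc_pass": dmarc_pass, "body_html": body}


SAMPLE_MESSAGES = {
    "phish": _msg(PHISH_LINK),
    "internal": _msg(INTERNAL_LINK),
    "lookalike": _msg(LOOKALIKE_LINK),
    "trusted_dmarc_pass": _msg(PHISH_LINK, sender="example.com", dmarc_pass=True),
    "trusted_dmarc_fail": _msg(PHISH_LINK, sender="example.com", dmarc_pass=False),
}

if __name__ == "__main__":
    for name, msg in SAMPLE_MESSAGES.items():
        print(name, "->", evaluate(msg))
```

The host comparison is done on parsed hostnames rather than with a substring test on the raw 'url=' value, because a raw "ends with plasticsurgery.or.kr" check would let `evil.example/?x=plasticsurgery.or.kr` through and would miss `plasticsurgery.or.kr.evil.example`.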
Categories
- Web
- Network
- Endpoint
Data Sources
- User Account
- Network Traffic
- Logon Session
Created: 2025-01-29