
Summary
This detection rule identifies potential phishing and malware/ransomware attacks that abuse an open redirect on the domain radiopublic.com. The rule inspects incoming messages for links that redirect through radiopublic.com. Key indicators are links whose root domain matches radiopublic.com, whose path starts with '/images/thumbnail', and whose query parameters contain 'url='. To reduce false positives, the rule uses a regex to exclude links whose redirect target legitimately points back to radiopublic.com, so only redirects to other destinations are treated as a threat. Additionally, the rule assesses the sender's email domain against a list of high-trust domains and applies further scrutiny if DMARC authentication fails. This layered approach aims to catch open-redirect abuse commonly used in credential phishing and malware distribution.
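As an added illustration (not the rule's own code or its query language), the following Python models the link-level and message-level checks the summary describes. The high-trust sender list, the sample links and sender domains are constructed placeholders, and the way the high-trust check and the DMARC result combine (suppress only when the sender is high-trust and DMARC passes) is this example's reading of the summary, not a detail the page states.

```python
from urllib.parse import urlparse, parse_qs

# Constructed placeholder for the rule's high-trust sender list (the page
# does not reproduce the real list).
HIGH_TRUST_SENDER_DOMAINS = {"trusted.example"}

REDIRECT_HOST = "radiopublic.com"
REDIRECT_PATH_PREFIX = "/images/thumbnail"


def root_domain(host) -> str:
    """Return the registrable root of a hostname.
    Naive last-two-label split; a production rule would use a public-suffix list."""
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def is_open_redirect_link(link: str) -> bool:
    """True when a link matches the open-redirect pattern the rule describes:
    root domain radiopublic.com, path under /images/thumbnail, a url= query
    parameter, and a redirect target that is NOT radiopublic.com itself."""
    u = urlparse(link)
    if root_domain(u.hostname) != REDIRECT_HOST:
        return False
    if not u.path.startswith(REDIRECT_PATH_PREFIX):
        return False
    targets = parse_qs(u.query).get("url")
    if not targets:
        return False
    target_host = urlparse(targets[0]).hostname
    # A redirect that lands back on radiopublic.com is the legitimate use of
    # the endpoint; anything else (including a scheme-less value, whose
    # hostname parses as None) is flagged.
    return root_domain(target_host) != REDIRECT_HOST


def evaluate_message(sender_domain: str, dmarc_pass: bool, links: list) -> dict:
    """Message-level logic (this example's interpretation of the summary):
    flag when an open-redirect link is present, unless the sender is on the
    high-trust list AND the message passed DMARC."""
    hits = [link for link in links if is_open_redirect_link(link)]
    if not hits:
        return {"match": False, "reason": "no radiopublic.com open-redirect link", "links": []}
    trusted_sender = root_domain(sender_domain) in HIGH_TRUST_SENDER_DOMAINS
    if trusted_sender and dmarc_pass:
        return {"match": False, "reason": "high-trust sender with passing DMARC", "links": hits}
    reason = ("high-trust sender but DMARC failed" if trusted_sender
              else "sender not on high-trust list")
    return {"match": True, "reason": reason, "links": hits}


if __name__ == "__main__":
    # Constructed sample links from a message body (not real observed indicators).
    sample_links = [
        "https://www.radiopublic.com/images/thumbnail?url=https://login.example.net/verify",
        "https://radiopublic.com/images/thumbnail?url=https://radiopublic.com/show/123",
        "https://radiopublic.com/about",
    ]
    print(evaluate_message("unknown.example", False, sample_links))
```

Running the block as a script prints a match for the constructed message: only the first link is an outbound redirect, the second redirects back to radiopublic.com and is excluded, and the sender is neither high-trust nor DMARC-authenticated.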
Categories
- Web
- Cloud
Data Sources
- User Account
- Web Credential
- Network Traffic
Created: 2025-02-06