Open redirect: next2.io

Sublime Rules

Summary
This rule detects links that abuse an open redirect on the domain next2.io, which has been used as a redirector in phishing campaigns. Incoming messages are scanned for URLs that point at c.next2.io with a path matching /api/ads and a query string containing fallback_url=, the parameter treated as carrying the redirect destination. The sender profile is checked to determine whether mail from this sender is solicited, and sender reputation is taken into account: messages from high-trust domains are excluded from detection unless they fail DMARC authentication, so a spoofed high-trust sender is still evaluated. The aim is to catch credential-phishing attempts that hide the real landing page behind a legitimate-looking redirect, a common evasion technique paired with social engineering lures.
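The following is an added Python illustration of the link check described above, written for this page rather than taken from the Sublime rule itself (which is expressed in Sublime's own query language). It parses each link, matches host, path prefix and the fallback_url parameter, and returns the decoded redirect destination so an analyst can see where the victim would land. The message-level check models only the reputation logic the summary states (high-trust sender excluded unless DMARC fails); the solicited-sender profiling is not modelled. All sample links, messages and the high-trust allowlist are constructed for the example.

```python
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample link targets (not taken from any real message). The first
# two match the abuse pattern; the remaining three should not fire.
SAMPLE_LINKS = [
    "https://c.next2.io/api/ads?id=123&fallback_url=https://login-example.invalid/verify",
    "http://c.next2.io/api/ads/click?fallback_url=http%3A%2F%2Fphish.example%2Fsso",
    "https://c.next2.io/api/other?fallback_url=https://example.org/",   # wrong path
    "https://next2.io/api/ads?fallback_url=https://example.org/",       # wrong host
    "https://example.com/api/ads?fallback_url=https://c.next2.io/",    # c.next2.io only in query
]

# Hypothetical allowlist of high-trust sender domains (an assumption for this example).
HIGH_TRUST_DOMAINS = {"trusted-partner.invalid"}


def redirect_target(url: str) -> Optional[str]:
    """Return the fallback_url destination if `url` matches the next2.io
    open-redirect pattern (host c.next2.io, path under /api/ads, a
    fallback_url query parameter), otherwise None.

    Assumption: fallback_url carries the final redirect destination."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()   # hostname is lowercased and strips port/userinfo
    if host != "c.next2.io":
        return None
    if not parsed.path.startswith("/api/ads"):
        return None
    params = parse_qs(parsed.query, keep_blank_values=True)
    targets = params.get("fallback_url")
    if not targets or not targets[0]:
        return None
    # parse_qs percent-decodes the value, so an encoded destination is readable.
    return targets[0]


def should_flag(msg: dict) -> bool:
    """Message-level decision: skip high-trust senders that pass DMARC, then
    flag if any link in the body matches the redirect pattern.

    `msg` is a constructed record with keys sender_domain, dmarc_pass, links."""
    sender_domain = msg["sender_domain"].lower()
    if sender_domain in HIGH_TRUST_DOMAINS and msg["dmarc_pass"]:
        return False
    return any(redirect_target(u) is not None for u in msg["links"])


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{link}\n  -> {redirect_target(link)}")
```

Note that the host comparison uses `hostname`, so `https://user@c.next2.io:443/api/ads?...` still matches, while a link that merely mentions c.next2.io in its query string does not.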
Categories
  • Web
  • Network
  • Identity Management
Data Sources
  • Web Credential
  • Network Traffic
  • Application Log
Created: 2024-10-30