Open Redirect: qrxtech.com

Sublime Rules

Summary
This detection rule identifies inbound messages that carry links abusing an open redirect on the domain qrxtech.com, which has been exploited in various attacks. It checks every link in the message for a specific combination of characteristics: the link's root domain must be 'qrxtech.com', its path must end with 'XMLServer.aspx', and its query string must contain both 'HREF=' and 'FUNC=', while the redirect target given in the query must not be another qrxtech.com URL. Messages that originate from the trusted sender domain qrxtech.com are excluded, and the rule also negates other trusted sender domains unless they have failed DMARC authentication. By combining URL and sender analysis, the rule helps detect credential phishing and other malware-related activity that relies on open redirects in email.
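The link and sender checks described above, reimplemented in Python as an added example (this is not the Sublime rule's own source). It assumes the path and query-parameter comparisons are case-insensitive, uses a naive last-two-labels root-domain extraction, and the sample URLs are constructed.

```python
from urllib.parse import urlparse, parse_qs

ABUSED_ROOT = "qrxtech.com"


def root_domain(host: str) -> str:
    # Naive root-domain extraction (last two labels); adequate for the .com case here.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_abused_open_redirect(url: str) -> bool:
    """True when a single link meets the rule's link criteria."""
    parsed = urlparse(url)
    if root_domain(parsed.hostname or "") != ABUSED_ROOT:
        return False
    # Assumption: the path suffix check is case-insensitive.
    if not parsed.path.lower().endswith("xmlserver.aspx"):
        return False
    # keep_blank_values so a bare 'HREF=' still counts as present.
    params = {k.lower(): v for k, v in
              parse_qs(parsed.query, keep_blank_values=True).items()}
    if "href" not in params or "func" not in params:
        return False
    # A redirect back to qrxtech.com itself is not treated as abuse.
    target = urlparse(params["href"][0])
    return root_domain(target.hostname or "") != ABUSED_ROOT


def message_matches(sender_domain: str, dmarc_passed: bool, links: list) -> bool:
    """Message-level verdict: a trusted qrxtech.com sender suppresses the
    alert unless that sender failed DMARC."""
    if root_domain(sender_domain) == ABUSED_ROOT and dmarc_passed:
        return False
    return any(is_abused_open_redirect(u) for u in links)


# Constructed sample links, not real indicators.
ABUSE_LINK = ("https://www.qrxtech.com/XMLServer.aspx"
              "?FUNC=Login&HREF=https%3A%2F%2Fphish.example%2Faccount")
INTERNAL_LINK = ("https://www.qrxtech.com/XMLServer.aspx"
                 "?FUNC=Login&HREF=https://portal.qrxtech.com/home")

if __name__ == "__main__":
    print(is_abused_open_redirect(ABUSE_LINK), is_abused_open_redirect(INTERNAL_LINK))
```

Note that parse_qs splits on '&', so an unencoded '&' inside the HREF value would truncate the extracted target; the real rule's parser may handle that differently.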
Categories
  • Web
  • Endpoint
  • Network
Data Sources
  • User Account
  • Web Credential
  • Network Traffic
Created: 2025-01-28