
Summary
This detection rule identifies potential phishing attacks that abuse an open redirect on the domain slubnaglowie.pl to reach users via inbound messages. It triggers whenever a message includes a link to slubnaglowie.pl with the path '/przejdz' and a 'url=' query parameter. Designed to mitigate credential phishing, the rule evaluates the links in a message together with the sender's profile, checking whether the sender is solicited and whether it has a history of malicious behavior. It also distinguishes highly trusted sender domains from potentially malicious ones: trusted senders are filtered out unless they show suspicious behavior, and an alert is still raised for them when the message fails DMARC authentication. This approach reduces false positives while still detecting social engineering attacks that rely on open redirects.
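The rule logic above, written out in Python as an added illustration (this is not the rule's own code or query language); the Message fields, the sample messages and the high-trust domain list are constructed assumptions standing in for the sender-profile and authentication data a real mail-security platform would supply.

```python
from __future__ import annotations
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

# Assumed allowlist; a real deployment would use its own high-trust sender domains.
HIGH_TRUST_SENDER_DOMAINS = {"trusted-partner.example"}


@dataclass
class Message:
    """Constructed stand-in for an inbound message plus its sender-profile data."""
    sender_domain: str
    links: list[str]
    dmarc_pass: bool                 # result of DMARC authentication for this message
    sender_solicited: bool           # recipient has previously engaged with this sender
    sender_malicious_history: bool   # sender was previously flagged malicious or spam


def is_open_redirect_link(url: str) -> bool:
    """True for links to slubnaglowie.pl with path /przejdz and a url= parameter."""
    parsed = urlparse(url)
    host = parsed.hostname or ""            # hostname is already lower-cased
    if host != "slubnaglowie.pl" and not host.endswith(".slubnaglowie.pl"):
        return False
    if parsed.path.rstrip("/") != "/przejdz":
        return False
    # keep_blank_values so a bare 'url=' still counts as the parameter being present
    return "url" in parse_qs(parsed.query, keep_blank_values=True)


def should_alert(msg: Message) -> bool:
    """Apply the rule: redirect link present, and sender not trusted unless suspicious."""
    if not any(is_open_redirect_link(u) for u in msg.links):
        return False
    # Solicited senders are suppressed unless they have a malicious history.
    if msg.sender_solicited and not msg.sender_malicious_history:
        return False
    # High-trust sender domains are suppressed unless DMARC fails.
    if msg.sender_domain in HIGH_TRUST_SENDER_DOMAINS and msg.dmarc_pass:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample: unknown sender, redirect link pointing at a lookalike login page.
    sample = Message("unknown-sender.example",
                     ["https://slubnaglowie.pl/przejdz?url=https://login.lookalike.example/"],
                     dmarc_pass=True, sender_solicited=False, sender_malicious_history=False)
    print("alert" if should_alert(sample) else "no alert")
```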
Categories
- Web
- Endpoint
- Cloud
- Application
Data Sources
- User Account
- Web Credential
- Network Traffic
- Application Log
Created: 2024-11-13