
Summary
This detection rule identifies messages that link through an open redirect on the domain 'artkaderne.dk', which has been observed being abused in malicious campaigns. The rule checks every link in an incoming message for one pointing at 'artkaderne.dk' whose query string contains a 'refurl=' parameter, the parameter that carries the redirect destination. To limit false positives, messages from highly trusted sender domains are excluded unless they fail DMARC authentication, since a failing DMARC check means the trusted domain cannot be assumed to be the true origin. The rule then consults the sender profile: the message is flagged if the sender is unsolicited (no prior correspondence with the recipient) or if earlier messages from that sender were flagged as malicious. A match is an early indicator of phishing or malware distribution that uses an open redirect to hide the final destination behind a legitimate-looking domain.
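The following is an added example, not the rule's own code: a stand-alone Python re-implementation of the logic described above, run over a few constructed sample messages. The rule itself is written in the vendor's rule language; the dataclass fields, the helper names, the trusted-domain list and the sample messages are assumptions made here for illustration. It also treats subdomains of 'artkaderne.dk' as in scope and extracts the 'refurl' value so an analyst can see where the redirect lands.

```python
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse, parse_qs

REDIRECT_HOST = "artkaderne.dk"
# Assumed list of highly trusted sender domains; the real rule has its own.
HIGH_TRUST_DOMAINS = {"microsoft.com", "google.com"}


@dataclass
class Message:
    """Minimal message model (an assumption, not the rule engine's schema)."""
    msg_id: str
    sender_domain: str
    dmarc_pass: bool
    links: List[str]
    sender_unsolicited: bool        # no prior correspondence with this sender
    sender_prior_malicious: bool    # earlier messages from sender were flagged


def is_redirect_link(url: str) -> bool:
    """True when url points at artkaderne.dk (or a subdomain) and its
    query string carries a refurl parameter, i.e. an open-redirect hop."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host != REDIRECT_HOST and not host.endswith("." + REDIRECT_HOST):
        return False
    # keep_blank_values so 'refurl=' with an empty value still counts
    params = parse_qs(parsed.query, keep_blank_values=True)
    return "refurl" in params


def redirect_target(url: str) -> Optional[str]:
    """Return the destination named in refurl, for analyst triage."""
    if not is_redirect_link(url):
        return None
    return parse_qs(urlparse(url).query, keep_blank_values=True)["refurl"][0]


def matches(msg: Message) -> bool:
    """Apply the rule's conditions in the order the summary describes."""
    if not any(is_redirect_link(u) for u in msg.links):
        return False
    # Trusted domain exclusion only holds while DMARC passes; a DMARC
    # failure means the domain may be spoofed, so the exclusion is dropped.
    if msg.sender_domain.lower() in HIGH_TRUST_DOMAINS and msg.dmarc_pass:
        return False
    return msg.sender_unsolicited or msg.sender_prior_malicious


LURE = "https://artkaderne.dk/go?refurl=https://evil.example/login"

# Constructed sample messages, not real traffic.
SAMPLES = [
    Message("m1", "lure-sender.example", False, [LURE], True, False),
    Message("m2", "microsoft.com", True, [LURE], True, False),   # trusted, DMARC ok
    Message("m3", "microsoft.com", False, [LURE], True, False),  # trusted but DMARC fails
    Message("m4", "partner.example", True, ["https://artkaderne.dk/about"], True, False),
    Message("m5", "known-vendor.example", True, [LURE], False, False),  # established sender
]


def flagged(messages: List[Message] = SAMPLES) -> List[str]:
    """IDs of messages the rule would mark for investigation."""
    return [m.msg_id for m in messages if matches(m)]


if __name__ == "__main__":
    for m in SAMPLES:
        targets = [redirect_target(u) for u in m.links if is_redirect_link(u)]
        print(m.msg_id, "FLAGGED" if matches(m) else "ok", targets)
```

Running the block prints a verdict per sample message; m1 (unsolicited sender) and m3 (trusted domain that fails DMARC) are flagged, while m2 (trusted and authenticated), m4 (link without refurl) and m5 (established sender with no malicious history) are not.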
Categories
- Web
- Cloud
- Endpoint
Data Sources
- User Account
- Network Traffic
- Process
Created: 2024-08-23