open redirect to a remote website which can phish users
Medium
Concrete CMS
Reported by
adrian_t
Vulnerability Details
Technical details and impact analysis
By adding some extra headers in the request, I noticed that the user is redirected to a remote website. This can lead to stealing a user's credentials (phishing) on a remote server.
These headers can be added either using a MITM attack or by chaining with another vulnerability such as request smuggling, header injection, or more commonly abusing a reverse proxy that sits in front of the website.
ps:crayons
## Impact
This can lead to stealing a user's credentials (phishing) on a remote server or planting malware on the user's computer.
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Weakness
Open Redirect