I'm currently stuck on the "Learn Standard Open Redirect Preventions" challenge of the "App Logic Vulnerability Prevention" module.

The challenge is to submit a valid open redirect attack starting from the Standard Redirect Protections Challenge tab.

However, the links on this page are all to standard record pages, where the hack (e.g changing retURL to returl) won't work (it only works on VF pages).

Even if I attempt this and check the challenge, the error I get states: "It doesn't appear that you've successfully redirected to an external website using the Visualforce page. Please try again." - so it implies that it expects me executing this from a custom VF page.

Can anyone give me some advice on where I'm missing something on the challenge?

I get this error: Challenge Not yet complete... here's what's wrong: 
The Suggestion custom object does not contain the correct set of custom fields. Tip: check for typos in the field names.

I've followed all steps, went back and rechecked, and then redid the entire challenge. I can't get it to pass. What am I doing wrong? I have included all custom fields and spelled them correctly.