Open Redirect: amaterasu-for-website-5.com

Sublime Rules

Summary
This detection rule targets potential open redirect vulnerabilities in messages containing links to 'api.amaterasu-for-website-5.com'. It identifies phishing attempts in which the 'url' query parameter is abused to redirect recipients to malicious websites. The rule checks whether a link's domain is 'api.amaterasu-for-website-5.com' and whether the link redirects via the 'url' parameter. To avoid false positives, it also confirms that the link does not redirect back to trusted domains associated with the legitimate 'website-5.com'. Additionally, the rule excludes links from high-trust sender domains unless the message has failed DMARC authentication, balancing detection of malicious links against false alarms from reputable senders. Attack types associated with this rule include Credential Phishing and Malware/Ransomware; its focus is mitigating the risk of users being redirected to phishing sites under the guise of legitimate entities.
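As an added example (not the rule's own source), the following Python models the checks the summary describes: the link host must be api.amaterasu-for-website-5.com, it must carry a 'url' redirect parameter whose target leaves website-5.com, and a message from a high-trust sender is exempt unless DMARC failed. The trusted-domain set, the high-trust sender set and the message dictionary layout are assumptions made for this example.

```python
from urllib.parse import urlparse, parse_qs

# Constructed values for this example. REDIRECT_HOST comes from the rule
# description; the two domain sets stand in for lists the rule keeps internally.
REDIRECT_HOST = "api.amaterasu-for-website-5.com"
TRUSTED_TARGET_DOMAINS = {"website-5.com"}              # redirects here are legitimate
HIGH_TRUST_SENDER_DOMAINS = {"trusted-sender.example"}  # assumed high-trust sender list


def registered_domain(host: str) -> str:
    """Crude registrable domain (last two labels); enough for the sample hosts here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_suspicious_redirect(link: str) -> bool:
    """True if `link` uses the redirector's `url` parameter to leave website-5.com."""
    parsed = urlparse(link)
    if (parsed.hostname or "").lower() != REDIRECT_HOST:
        return False
    targets = parse_qs(parsed.query).get("url")
    if not targets:
        return False                 # no redirect parameter at all
    raw = targets[0].strip()
    if "://" not in raw and not raw.startswith("//"):
        raw = "//" + raw             # treat a scheme-less 'url=evil.example/x' as a host
    target_host = urlparse(raw).hostname
    if not target_host:
        return False                 # relative path such as url=/account stays on-site
    # Compare the registrable domain, so 'website-5.com.evil.example' is NOT trusted
    # while 'www.website-5.com' is.
    return registered_domain(target_host) not in TRUSTED_TARGET_DOMAINS


def rule_matches(message: dict) -> bool:
    """Apply the full rule to a constructed message: {sender_domain, dmarc_pass, links}."""
    sender = message["sender_domain"].lower()
    if sender in HIGH_TRUST_SENDER_DOMAINS and message["dmarc_pass"]:
        return False                 # high-trust sender that passed DMARC is exempt
    return any(is_suspicious_redirect(link) for link in message["links"])


if __name__ == "__main__":
    sample = {  # constructed message
        "sender_domain": "unknown-sender.example",
        "dmarc_pass": False,
        "links": ["https://api.amaterasu-for-website-5.com/r?url=https%3A%2F%2Fevil.example%2Flogin"],
    }
    print("matches" if rule_matches(sample) else "no match")
```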
Categories
  • Web
  • Identity Management
Data Sources
  • User Account
  • Network Traffic
  • Application Log
Created: 2025-03-18