
Summary
This detection rule identifies abuse of an open redirect chain that starts at YouTube and passes through Google, a pattern commonly used in credential phishing. It looks for messages containing a link whose host is YouTube, whose URL path contains 'logout', and whose query string carries a 'continue' parameter pointing at a Google AMP page. YouTube's logout endpoint honors the 'continue' parameter, so a link of the form youtube.com/logout?continue=<Google AMP URL> sends the recipient first to YouTube and then on to the AMP URL. Both hops are on Google-owned domains, so link-reputation checks and a user hovering over the link see only trusted hosts while the AMP URL ultimately leads to the attacker's page. The rule combines sender analysis with URL analysis and flags any message matching these criteria, since there is little legitimate reason for an inbound message to carry such a chain. Recognizing this specific pattern reduces the risk from phishing campaigns that rely on open redirects to launder malicious links.
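The URL check described above, written here as an added illustration and not taken from the rule itself. It assumes the AMP cache URL shape `google.com/amp/s/<final-host>/<path>` for extracting the final destination, treats any `*.youtube.com` and `*.google.com` host as in scope, and runs over constructed sample message bodies embedded in the block; it does not implement the sender-analysis half of the rule.

```python
"""Detect youtube.com/logout?continue=<Google AMP URL> redirect chains in message text."""
import re
from urllib.parse import urlparse, parse_qs, unquote

# Rough URL extractor for plain-text bodies; trailing sentence punctuation is stripped.
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Assumed AMP cache path layout: /amp/s/<host>/... (https) or /amp/<host>/... (http).
AMP_PATH_RE = re.compile(r"^/amp/(?:s/)?([^/]+)(?:/.*)?$", re.IGNORECASE)


def _is_youtube(host: str) -> bool:
    return host == "youtube.com" or host.endswith(".youtube.com")


def _is_google(host: str) -> bool:
    return host == "google.com" or host.endswith(".google.com")


def analyze_url(url: str) -> dict:
    """Return a verdict dict for one URL.

    match      -> True when the URL is a YouTube logout link whose `continue`
                  parameter points at a Google AMP page
    continue   -> the decoded `continue` value, if present
    amp_target -> the final host extracted from the AMP path (assumed layout)
    """
    result = {"url": url, "match": False, "continue": None, "amp_target": None}
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not _is_youtube(host) or "logout" not in parsed.path.lower():
        return result

    cont = parse_qs(parsed.query).get("continue", [None])[0]
    if cont is None:
        return result
    # parse_qs already decoded once; a second unquote handles double-encoded
    # values that attackers use to slip past naive substring checks.
    cont = unquote(cont)
    result["continue"] = cont

    target = urlparse(cont)
    thost = (target.hostname or "").lower()
    m = AMP_PATH_RE.match(target.path)
    if not _is_google(thost) or m is None:
        return result

    result["match"] = True
    result["amp_target"] = m.group(1).lower()
    return result


def scan_message(body: str) -> list:
    """Return the verdicts for every URL in `body` that matches the chain."""
    hits = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:)")
        verdict = analyze_url(url)
        if verdict["match"]:
            hits.append(verdict)
    return hits


# Constructed sample bodies (not real messages).
SAMPLE_PHISH = (
    "Your mailbox storage is almost full. Review your account here: "
    "https://www.youtube.com/logout?continue=https%3A%2F%2Fwww.google.com"
    "%2Famp%2Fs%2Fphish.example%2Fowa%2Flogin within 24 hours."
)
SAMPLE_BENIGN = (
    "Recording of yesterday's talk: https://www.youtube.com/watch?v=dQw4w9WgXcQ "
    "and the slides: https://docs.google.com/presentation/d/abc123"
)

if __name__ == "__main__":
    for name, body in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        for hit in scan_message(body):
            print(f"[{name}] chain -> {hit['amp_target']}: {hit['url']}")
```

A plain `youtube.com/logout?continue=https://www.google.com/` link does not match, because the rule is specifically about the AMP hop; loosening the path check to any Google destination would widen coverage at the cost of more benign hits.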
Categories
- Web
- Cloud
- Application
Data Sources
- Web Credential
- Network Traffic
Created: 2025-01-15