A newly discovered technique by a researcher shows how Google’s App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products. Google App Engine is a cloud-based service platform for developing and hosting web apps on Google’s servers. The URL structures are usually generated in a manner that makes them easy to monitor and block. But the subdomains get generated and paths are routed in a way that makes it hard for security professionals to block malicious activity.
Source: https://www.bleepingcomputer.com/news/security/google-app-engine-feature-abused-to-create-unlimited-phishing-pages/