How Google’s cloud facilitates phishing


The way Google allows developers to create web pages on its AppEngine application cloud is a real boon for phishing aficionados, security researcher Marcel Afrahim recently noted. Indeed, the structure of the subdomains is such that it is possible to automatically generate a large number of URLs which, in the end, will all point to the same page.

For a hacker this is very convenient, as it seriously complicates the filtering job of system administrators. The attacker's phishing pages will therefore not be detected in time and risk trapping many people. This is all the more true because a page generated on AppEngine enjoys a significant amount of trust: its TLS certificate is validated by “Google Trust Services”. And this risk is not just theoretical: the flaw is already being actively exploited by hackers.
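For the filtering side, the sketch below (an added example, not code from the article or from Google) collapses App Engine hostnames from a proxy log to the project they route to, so that one rule covers every generated subdomain. It assumes Google's documented hostname layout `[VERSION-dot-][SERVICE-dot-]PROJECT_ID[.REGION_ID.r].appspot.com`, which the article does not spell out; the project names and URLs are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

SUFFIX = ".appspot.com"

def appspot_project(host):
    """Return the App Engine project ID a hostname routes to, or None."""
    host = (host or "").lower().rstrip(".")
    if not host.endswith(SUFFIX):
        return None
    labels = host[: -len(SUFFIX)].split(".")
    # Regional form (assumed layout): <...>.REGION_ID.r.appspot.com
    if len(labels) >= 3 and labels[-1] == "r":
        labels = labels[:-2]
    # Everything before the last "-dot-" (or ".") is version/service routing.
    project = re.split(r"-dot-|\.", ".".join(labels))[-1]
    return project or None

def group_by_project(urls):
    """Map project ID -> set of distinct hostnames seen for it."""
    seen = defaultdict(set)
    for url in urls:
        host = urlsplit(url).hostname
        project = appspot_project(host)
        if project:
            seen[project].add(host)
    return seen

def suspicious_projects(urls, min_hosts=3):
    """Projects reached through at least min_hosts different hostnames."""
    groups = group_by_project(urls)
    return {p: len(h) for p, h in groups.items() if len(h) >= min_hosts}

# Constructed sample of proxy-log URLs (hypothetical project names).
SAMPLE_URLS = [
    "https://a1b2-dot-example-proj.uc.r.appspot.com/login",
    "https://zz9-dot-svc-dot-example-proj.uc.r.appspot.com/login",
    "https://q7-dot-example-proj.appspot.com/login",
    "https://other-app.appspot.com/",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for project, count in suspicious_projects(SAMPLE_URLS).items():
        print(f"{project}: {count} distinct hostnames")
```

A blocklist or alert keyed on the value returned by `appspot_project` matches all three sample hostnames with a single entry, whereas an exact-hostname rule would need one entry per generated URL.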

