Google’s Safe Browsing has marked *.code.run as a dangerous domain. This impacts all public HTTPS endpoints that do not use a custom domain. We recommend appealing for your specific service domains at https://safebrowsing.google.com/safebrowsing/report_error/.

We have sent the relevant documentation via Google Search Console and await a response from Google. We will explore options including:

• temporarily using another domain for new workloads
• exploring wildcard and vanity replacement of *.code.run on a per-user basis
• adding *.code.run to an allow-list

Cause:
A user was caught deploying a phishing website and was banned within 10 minutes of notification. *.code.run is a member of the PSL, and, unfortunately, it is not considered when blocking thousands of domains for one offending workload.