Oh man I am with you on this in that, the fact that it's not a phishing site, to me, means google is sending the completely wrong message to users. Here is a site with a non-google.com URL that expects users to know that only google owns that TLD, has a non Google sign in page, uses google logo. Eek.

A little surprising they wouldn’t use their own tld but maybe that takes too much work to get setup.

They literally are using their own TLD, ".google".

The comment you replied to is surprised that they did use their own TLD, thinking they should stick with their classic domain on not their own TLD (google.com)

You're right, I meant google.com

However, using their own .google TLD makes sense the closer I looked at this link after you brought my attention to it.

This appears to be a branded and hosted version of a third party learning platform that might be simpler to deliver a whitelabeled expereince.

The login experience (either to use your google credentials or create your own account) seems to be the confusing piece.

I would not be surprised if this is not a third party piece of software in which case the login screen makes sense.

the sign-in flow directs you to a normal google.com sign-in, or you can use the sign-up form on this site just like any other non-google site - they're not asking you to enter your google account credentials here.

It is Google's e-learning platform that provides courses and labs (step-by-step trainings in Google Cloud). Before cloudskillboost it was called Qwiklabs which was acquired by Google a couple of years ago. It is completely legit and has a OAuth login flow using your Google Identity.

For Google partners the trainings are free. (Source: working at a Google Cloud partner)

Definitely not: The .google TLD is only open to Alphabet employees: https://en.wikipedia.org/wiki/.google

For a domain they own, you'd think they could find a better name than cloudskillsboost...

Google Cloud Skills Boost is such a mouth full

Also, Clouds Kills Boost

Interesting, TIL https://support.google.com/qwiklabs/answer/9210144?hl=en

Seems super sketchy.

Its very weird for Google to be charging for this yes. Definitely pricked my ears up but can’t see how this is spoofed unless google.com has been pwnd.

I don't really care about the charging. A non google.com TLD asking for my google credentials is phishing.

The UX is admittedly horrendous but this is not what is happening.

On the other hand if you think it is phishing stick to your guns and don’t use it. It is better to be too cautious.

So you trust Google can afford Google.com but you specifically think a TLD of .Google is phishing and not literally the first TLD they would buy when the proliferation of new custom TLDs came out years ago?

Its a normal sign in flow. A safe way just in case is to log in to Google normally, close that tab, open the posted link then click the links in the oauth flow without entering credentials.

Click sign in with google instead of entering user/pass. You are now on a google.com domain. Same as any other site.

"to continue to Qwiklabs," which is what you get when using Google to auth to 3rd-party services, not 1st-party ones

I think there is some of external company partnership white labelling half arsed shit going on there.

Phishing how? The URL links directly to the page without redirection. The page is owned by Google. It's an existing learning platform...

I don't think it's phishing but I do think it might be an advert for Google's hosted AI model training product.

The sign in page shows Google Cloud's logo, but is not Google's sign in page.

Stop wasting people’s time. It’s a real page and you would have figured that out in 5 seconds if you cared to look it up.