GCP Abuse Intelligence

Did you receive an Abuse Notification?  If so did you follow the process detailed here:
Respond to abuse notifications and warnings in Google Cloud

Hi ​@Gramu4307 we have also shared this with our GCP Abuse team. Thank you for highlighting. You can always use the link that ​@kentphelps added above. 

Hi ​@kentphelps ​@matthewnichols , thanks for your response.

To clarify, we have not received any notification from [removed by moderator] regarding these IPs. I’ve sent a couple of emails to that address but the only reply I’ve received is the following:

“We are not able to take action on this report since the IP mentioned in the report is not hosted on Google Cloud. If you would like to request the removal of content from Google's services due to a legal issue, please submit a request using the webform at this Legal Help page…”
(Ticket Reference ID: XCH2ZESIHHCTHXXST5RZUD32XU)

I also submitted the Legal Help form on the Google site but didn’t have any success there either.

Since this is the first time I’m dealing with this type of issue, I’ve tried every possible route to get this resolved. Because these IPs are currently flagged on VirusTotal under GCP Abuse Intelligence, I’ve reached out here in the community channel.

Could you please confirm if there’s a specific form, portal, or email address we should use going forward for cases like this? Or should we continue to provide updates here in the Community channel?

Thanks for your guidance.

Best regards,
Ramu Golla

​@Gramu4307 I think the best path to move this forward is for your team to open a GCP support case.  They will have to collect info specific to your GCP setup.    You will want to attach screenshots from your VT report showing your IPs being involved with malicious activity as reported by GCP Abuse Intelligence.  Then they can engage with the Cloud Abuse team to open an investigation and get this cleared up.

Hello ​@kentphelps

Thanks for the update!

We don’t have a GCP setup — these IPs are used only for ingress purposes, and customer websites are accessed through them. Since they are not GCP public IPs, whenever I reach out, I receive the following response:

“We are not able to take action on this report since the IP mentioned in the report is not hosted on Google Cloud. If you would like to request the removal of content from Google's services due to a legal issue, please submit a request using the webform at this Legal Help page…”

Could you please review and whitelist the following CIDRs? Also, let me know if any additional details are required. If there are specific URLs or FQDNs causing this listing, we’ll take immediate action.

CIDRs:

• 66.33.60.0/24

• 216.198.79.0/24

• 64.29.17.0/24

• 216.150.1.0/24

Thanks for your support!

Thanks for the update!

We don’t have a GCP setup — these IPs are used only for ingress purposes, and customer websites are accessed through them. Since they are not GCP public IPs, whenever I reach out, I receive the following response:

“We are not able to take action on this report since the IP mentioned in the report is not hosted on Google Cloud. If you would like to request the removal of content from Google's services due to a legal issue, please submit a request using the webform at this Legal Help page…”

Could you please review and whitelist the following CIDRs? Also, let me know if any additional details are required. If there are specific URLs or FQDNs causing this listing, we’ll take immediate action.

CIDRs:

• 66.33.60.0/24

• 216.198.79.0/24

• 64.29.17.0/24

• 216.150.1.0/24

Thanks for your support!