Skip to main content

Hello Google Cloud Abuse Team,

We’ve noticed that the following IPs have been flagged on VirusTotal under GCP Abuse Intelligence as “miner”:

 

66.33.60.34 66.33.60.35 66.33.60.66 66.33.60.67 66.33.60.129 66.33.60.130 66.33.60.193 66.33.60.194 76.76.21.22 76.76.21.123 76.76.21.164 76.76.21.241 216.198.79.65 64.29.17.1 64.29.17.65

These IPs are used strictly for ingress purposes, and no crypto mining activity is hosted on them. We kindly request your assistance in reviewing and delisting them.

If this request should be directed to another team, could you please help loop them in?

We remain committed to identifying and removing any phishing, malware, or unauthorized crypto-related content across our infrastructure. If there are specific FQDNs or URLs that led to these listings, please share the details so we can take immediate corrective action.

Thank you for your support and collaboration.

Best Regards,
Ramu Golla

Did you receive an Abuse Notification?  If so did you follow the process detailed here:
Respond to abuse notifications and warnings in Google Cloud

Hi ​@Gramu4307 we have also shared this with our GCP Abuse team. Thank you for highlighting. You can always use the link that ​@kentphelps added above. 

Hi ​@kentphelps@matthewnichols , thanks for your response.

To clarify, we have not received any notification from [removed by moderator] regarding these IPs. I’ve sent a couple of emails to that address but the only reply I’ve received is the following:

“We are not able to take action on this report since the IP mentioned in the report is not hosted on Google Cloud. If you would like to request the removal of content from Google's services due to a legal issue, please submit a request using the webform at this Legal Help page…”
(Ticket Reference ID: XCH2ZESIHHCTHXXST5RZUD32XU)

I also submitted the Legal Help form on the Google site but didn’t have any success there either.

Since this is the first time I’m dealing with this type of issue, I’ve tried every possible route to get this resolved. Because these IPs are currently flagged on VirusTotal under GCP Abuse Intelligence, I’ve reached out here in the community channel.

Could you please confirm if there’s a specific form, portal, or email address we should use going forward for cases like this? Or should we continue to provide updates here in the Community channel?

Thanks for your guidance.

Best regards,
Ramu Golla

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.