[nsp-sec] who to report abuse from *gae.googleusercontent.com to?
Russell Fulton
r.fulton at auckland.ac.nz
Tue Oct 29 22:04:51 EDT 2013
Hi
We recently saw a bunch of attempts to access some library sites on our network using stolen credentials — nothing too unusual about that but during the investigation I found that some of the attempts came from *.201.35.8.gae.googleusercontent.com.
There is at least one “free proxy” based on GAE on code.google.com (and it is of Chinese origin which is where the vast majority of our abuse originates from ;) and we suspect that this might be involved.
Does anyone have any suggestions as to who in Google I can approach about this issue? I have a heap of logs from Bro and our authentication systems. They were testing credentials to see if they worked.
As an aside: Over the last year we have had a lot of trouble with stolen credentials being used to abuse library resources from addresses in China. Over that time I have spent a lot of time improving our monitoring and in particular detecting when ‘they’ try and validate batches of credentials to the point where we now get nearly all accounts reset before they are abused in earnest. Over the last month or so the attackers have resorted to a variety of tactics to avoid our monitoring. This, I suspect, is the latest and most effective because the accesses are spread over several different IPs which are also generating legitimate traffic making it much more difficult to detect abuse.
Russell
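
Added example, not part of the original message and not the poster's own monitoring: one way to catch credential-validation batches that are spread across several proxy addresses is to count distinct accounts per source group instead of per address. The log layout, hostnames, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GAE_SUFFIX = ".gae.googleusercontent.com"

# Constructed sample auth events: (ISO timestamp, reverse-DNS name, account, success)
SAMPLE = [
    ("2013-10-29T10:00:00", "h1" + GAE_SUFFIX, "alice", True),
    ("2013-10-29T10:01:00", "h2" + GAE_SUFFIX, "bob", False),
    ("2013-10-29T10:02:00", "h3" + GAE_SUFFIX, "carol", True),
    ("2013-10-29T10:02:30", "lib-pc.example.edu", "frank", True),
    ("2013-10-29T10:03:00", "h1" + GAE_SUFFIX, "dave", True),
    ("2013-10-29T10:04:00", "h2" + GAE_SUFFIX, "erin", False),
    ("2013-10-29T10:05:00", "lib-pc.example.edu", "frank", True),
]

def group_key(host):
    """Collapse every GAE-hosted source into one group; keep other hosts as-is."""
    return "*" + GAE_SUFFIX if host.endswith(GAE_SUFFIX) else host

def find_validation_batches(events, key=group_key,
                            window=timedelta(minutes=10), min_accounts=4):
    """Return {group: accounts} for groups that tried at least min_accounts
    distinct accounts inside one sliding time window."""
    by_group = defaultdict(list)
    for ts, host, account, _ok in events:
        by_group[key(host)].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for group, rows in by_group.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Drop events that have aged out of the window.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            accounts = {acct for _, acct in rows[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(group, set()).update(accounts)
    # Legitimate users behind the same proxy land in this list too, so it is
    # a review queue for password resets, not a verdict.
    return {g: sorted(a) for g, a in flagged.items()}

if __name__ == "__main__":
    print("per host :", find_validation_batches(SAMPLE, key=lambda h: h))
    print("per group:", find_validation_batches(SAMPLE))
```
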