App Engine instance under attack


Adrian Dybwad

Apr 20, 2017, 11:17:28 PM
to Google App Engine

Hello

It seems my App Engine instance is being attacked with a specially formed URL, with an example as follows:

https://map.purpleair.org/map?'-function(){xssdetected(307911)}()-">\"><scrIpt>xssdetected(307911)</scrIpt><aUdio src=x oNerror=xssdetected(307911)><"-'-function(){xssdetected(307911)}()zoom=6&lat=54.0555645775118&lng=-129.54582149505615&selected=66952|214535|214537|200713|200715|141671|141673|177352|177354|o2|250990|250995|157198|157200|120017|179970|179972|119967|159759|159761|155922|155924|251016|251018|162380|162384|246028|246030|92577|179966|179968|201850|201854|80301|170983|170985|92566|162320|162322|179891|179893|233210|233212|210046|210048|143567|143569|249050|249052|223912|223914|168707|168709|258981|258983|157217|157219|195132|195134|198203|198205|119962|141646|141644|92564|195095|195097|143537|143539|195119|195121|162316|162318|170977|170979|212185|212187|113793|157202|157204|120015|179899|179901|250969|250971|251012|251014&orderby=L&latr=8.39036891973398&lngr=20.126953125


There are a lot of requests like this in the last few days and they vary in format or content. 


I am interested in notifying Google to assist in blocking or investigating this attack.


Please let me know how to go about this or if anyone has any suggestions?


Thank you!

Adrian

Adrian Dybwad

Apr 21, 2017, 12:16:46 AM
to Google App Engine
This was the Google security scanner. Somehow it started scanning thousands of different combinations of URLs. I will look into it some more and see how to stop it doing that!

Nicholas (Google Cloud Support)

Apr 21, 2017, 4:10:38 PM
to Google App Engine
Have you created any security scans for your application(s) and/or domains?  If so, you can exclude URLs matching specific patterns.  If not, are you still affected by this security scan?  Is or was it confined to a specific time frame?
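
One way to measure how much logged traffic carries the probe marker seen in the URL quoted above, as an added example that is not part of the original thread: it counts marked requests per path and per probe id, decoding percent-encoded log entries first. The marker name `xssdetected` comes from the quoted URL; the sample URLs, the `/json` path and the function names are constructed for illustration, and a marker match alone does not show who sent a request.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Marker taken from the URL quoted in the thread: xssdetected(<numeric id>).
PROBE_RE = re.compile(r"xssdetected\((\d+)\)", re.IGNORECASE)

# Constructed sample request URLs (path + query, as they appear in request logs).
SAMPLE_URLS = [
    "/map?zoom=6&lat=54.05&lng=-129.54",
    "/map?'-function(){xssdetected(307911)}()-\"><scrIpt>xssdetected(307911)</scrIpt>zoom=6",
    "/map?%22%3E%3CaUdio%20src%3Dx%20oNerror%3Dxssdetected(307912)%3E&zoom=6",
    "/map?q=%253CscrIpt%253Exssdetected%2528307912%2529%253C%252FscrIpt%253E",
    "/json?key=abc",
]


def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly; logs may hold singly or doubly encoded URLs."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def probe_ids(url):
    """Return the set of numeric probe ids found anywhere in the URL."""
    return set(PROBE_RE.findall(decode_fully(url)))


def summarize(urls):
    """Return (marked requests per path, requests per probe id, unmarked count)."""
    by_path, by_id, clean = Counter(), Counter(), 0
    for url in urls:
        ids = probe_ids(url)
        if not ids:
            clean += 1
            continue
        # Split the raw URL so decoded '?' or '#' characters cannot shift the path.
        by_path[urlsplit(url).path] += 1
        by_id.update(ids)
    return by_path, by_id, clean


if __name__ == "__main__":
    by_path, by_id, clean = summarize(SAMPLE_URLS)
    print("marked requests per path:", dict(by_path))
    print("requests per probe id:", dict(by_id))
    print("unmarked requests:", clean)
```
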