0

Recently I started receiving "Third-party application access to your Zoho Account" warning emails from Zoho.com regarding my Zoho email accounts, saying things like:

We noticed a third-party application(POP) accessed your Zoho Account associated with {my account email address} on Wednesday, January 19 2022 10:12:43 AM EST.

Location Wisconsin, United States (Location is approximated based on IP Address: 209.85.221.148)

I've gotten other emails like this, and they've mentioned these other IP addresses too:

  • 209.85.221.21
  • 209.85.221.136
  • 209.85.221.166
  • 209.85.221.167

My accounts have two-factor authentication enabled, so I'm not particularly worried.

My guess is that my Gmail accounts (which I've granted access to manage my Zoho accounts) are involved. Maybe Google recently started using these new IP addresses in Wisconsin.

But how could I know for sure?

Ryan
  • 315
  • 4
  • 13
  • ... have you looked up with those IPs are? – schroeder Jan 23 '22 at 17:40
  • Instead of using the IP lookup tools I know and use, I googled using the search term "what is 209.85.221.136?" and got all the tools you could want that explains what those IPs are. So, how do you know for sure? By looking up the IPs. – schroeder Jan 23 '22 at 17:43
  • If you want to know if Google made some change in what Gmail service IPs they may be using in your area, that's not a security question, and not something some arbitrary collection of people could tell you; only Google. – schroeder Jan 23 '22 at 17:45

1 Answers1

2

You can check the list of IP ranges that Google advertises to the internet.

The list does include 209.85.128.0/17 which corresponds to all addresses between 209.85.128.0 and 209.85.255.255. So yes, the IPs you list do belong to Google.

Do note that simply checking if the IP belongs to Google using a IP whois lookup is not enough, as that would include IPs from Google Cloud, which can be used by customers and may potentially even be malicious.

nobody
  • 11,251
  • 1
  • 41
  • 60
  • An IP lookup for those IPs shows that it is Gmail – schroeder Jan 23 '22 at 17:59
  • @schroeder An IP whois lookup, or some other sort? Because an IP whois lookup only seems to shows that they belong to google, nothing else. – nobody Jan 23 '22 at 19:02
  • 1
    The lookup tools I use show the hostname and reputation, which points to Gmail. I double-checked with my search term above, and other tools also report such info. A straight `whois` does not supply that info. – schroeder Jan 23 '22 at 19:19
  • Thank you, nobody and @schroeder! I see you got the link from https://support.google.com/a/answer/10026322 which somehow I had been unable to find originally. – Ryan Jan 23 '22 at 20:08