[mgjdlsmvoerqp]

Yes,

I've logged into my account and there was this 'Unusual activity detected' pop-up. At first I thought that someone stolen my password via a Trojan but I don't download anything and my software is up to date.

I've clicked at "more" (or something like that, I can't access the same menu right now) and it showed me the hostname and IP address of the unusual logon. The hostname was 1e100.net, I've checked it and it turns out its owned by Google.

Screen:

http://i.imgur.com/55kUM.png

The IP points to Mountain View and is also owned by Google.

Right now I only have access the list of previous logons and there are my logons and one with the Google IP:

http://i.imgur.com/nTlWg.png

When I check who owns the IP:

http://i.imgur.com/V8a8b.png

I can't access the previous menu which I could access via that security pop-up. Anyone knows how to go there?

I've blurred IPs and dates so they can't track which account it is.

Tell me how I can mirror the original data as proof.

[robk]

The logins are often hard to grok if it's a third party API-level access. For example, I believe if you're using a mail plugin that uses App Engine, it will appear to have generated a login from a Google IP block.

[mgjdlsmvoerqp]

I've only used this account via web browser. Never used App Engine.

Would Google service trigger the unusual alert?

[nodata]

> At first I thought that someone stolen my password via a Trojan but I don't download anything and my software is up to date.

You need a higher standard of evidence. A buffer overflow could root your computer.

Also, I don't believe that you've never downloaded anything - can you show us a screenshot of your installed software?

[mgjdlsmvoerqp]

The login came from Google HQ - even if my PC was compromised, it wouldn't matter since gmail uses data from their data center not my PC.

[callmevlad]

How do you know the IP is from Google HQ? Google has free Wi-Fi in Mountain View, and it seems reasonable that those IPs would be somehow connected to Google.

[nodata]

Then why mention that your PC can't have been compromised?

You're making a big accusation, and I want to see some more evidence. You claimed never to have downloaded anything, which is unlikely to say the least.

1. Can you provide the screenshot of installed apps?

2. Also, let's see the full ip.

[mgjdlsmvoerqp]

Because it was my first thought when I've saw the unusual login alert.

I won't show the full IP until I can mirror that report somehow.

[franze]

i'm skeptical

http://support.google.com/bin/answer.py?hl=en&answer=174...

  1e100.net is a Google-owned domain name used to identify the servers in our network.
  
  Following standard industry practice, we make sure each IP address has a corresponding hostname.   
  In October 2009, we started using a single domain name to identify our servers across all Google 
  products, rather than use different product domains such as youtube.com, blogger.com, and 
  google.com. We did this for two reasons: first, to keep things simpler, and second, to 
  proactively improve security by protecting against potential threats such as cross-site  
  scripting attacks.
  
  Most typical Internet users will never see 1e100.net, but we picked a Googley name for it just 
  in case (1e100 is scientific notation for 1 googol)

it's their servers, not their workstations. could be a plugin, maybe something on app-engine? at least an access from 1e100.net isn't a proof of anything.