
Autocomplete adds suspicious "@unknown.email" to selected contacts

Outlook version
Outlook 2016 64 bit
Email Account
IMAP
#1
Yesterday, I downloaded Outlook for Android on my smartphone and configured it to manage my main Gmail account, which by default used my cellphone's Contact List as its address book. After a few emails, I noticed that as soon as I began typing addresses on the "To" field, the AutoComplete feature pursued final entries that paired the name of my contact with the domain "@unknown.email."

First I thought these were all because of some default system feature for the entries in my address book that were maybe incomplete or invalid. Later, I realized this was not the case. The unknown.email domain attached itself to about 10 of the most common people I communicate with, whether or not their entries in my Contacts actually have email addresses.

THE RESULT:

So if I typed "Mom" into the TO field, Outlook will put in "Mom" as expected. But unless you go slow and look at the Autocomplete feature as you type, you will never know that the email will in fact go to someone with the email address nnn-nnn-nnnn@Unknown.Email (where the "n's" = the actual cellphone number of the entry "Mom").

I sent several emails to various names that I noticed bore "Unknown.Email" as their email address domain name, and none of these emails bounced back. So, whoever it is on the other end, he or she is actually receiving these emails.

I have never sent email outside the online Gmail site and the Gmail app on my Android phones. Neither of these two clients shows the presence of (cellnumber@unknown.email), although that doesn't mean they were never there. Maybe Outlook's Autocomplete feature merely forced these invisible entries to reveal themselves.

Have I been hacked?
--------------
I ran the domain name on a site that does Domain / IP lookups and got this:
Input: unknown.email
canonical name: unknown.email
Registered Domain: unknown.email
TraceRoute from Network-Tools.com to 72.52.4.120 [unknown.email]
Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 67.219.148.9 dfw-c1-vl0990.cpgventures.com
2 4 0 0 184.105.25.73 v509.core1.dal1.he.net
3 24 23 23 184.105.81.169 100ge8-1.core1.atl1.he.net
4 42 35 38 184.105.213.70 100ge8-1.core1.ash1.he.net
5 36 36 36 206.126.236.219 akamai.prolexic.com
6 35 35 36 209.200.144.200 a209-200-144-200.deploy.static.akamaitechnologies.com
7 40 41 44 209.200.144.205 a209-200-144-205.deploy.static.akamaitechnologies.com
8 36 35 35 72.52.4.120 a72-52-4-120.deploy.static.akamaitechnologies.com
Trace complete
Retrieving DNS records for unknown.email...
DNS servers
ns1.sedoparking.com
ns2.sedoparking.com
Answer records
unknown.email NS ns2.sedoparking.com 86400s
unknown.email MX
preference: 0
exchange: localhost
3600s
unknown.email TXT v=spf1 ip6:fd92:59f3:510e::/48 -all 3600s
unknown.email SOA
server: ns1.sedoparking.com
email: hostmaster@sedo.de
serial: 2015071001
refresh: 86400
retry: 10800
expire: 604800
minimum ttl: 86400
86400s
unknown.email NS ns1.sedoparking.com 86400s
unknown.email A 72.52.4.120 600s
Authority records
Additional records
Whois query for unknown.email...
Results returned from whois.donuts.co:
Domain Name: unknown.email
Registry Domain ID: aa46cc569f3042fa83cacf090a253985-DONUTS
Registrar WHOIS Server: who.godaddy.com/
Registrar URL: GoDaddy Domain Name Search
Updated Date: 2017-11-10T23:41:14Z
Creation Date: 2016-09-26T23:41:13Z
Registry Expiry Date: 2018-09-26T23:41:13Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientDeleteProhibited
Domain Status: clientRenewProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registry Registrant ID: f66d8ae1b6c54d7f96e8b2e7f811ed87-DONUTS
Registrant Name: Anschelika Smoljar
Registrant Organization: i-content Ltd.
Registrant Street: Friedrichstr. 90
Registrant City: Berlin
Registrant State/Province: Berlin
Registrant Postal Code: 10117
Registrant Country: DE
Registrant Phone: +49.1805522744
Registrant Phone Ext:
Registrant Fax: +49.1805522944
Registrant Fax Ext:
Registrant Email: godaddy@icontent.org
Registry Admin ID: 8fcd0db20a364a86bda0d827c4f972dc-DONUTS
Admin Name: Anschelika Smoljar
Admin Organization: i-content Ltd.
Admin Street: Friedrichstr. 90
Admin City: Berlin
Admin State/Province: Berlin
Admin Postal Code: 10117
Admin Country: DE
Admin Phone: +49.1805522744
Admin Phone Ext:
Admin Fax: +49.1805522944
Admin Fax Ext:
Admin Email: godaddy@icontent.org
Registry Tech ID: 2349eb365d1040e088c629643453846b-DONUTS
Tech Name: Anschelika Smoljar
Tech Organization: i-content Ltd.
Tech Street: Friedrichstr. 90
Tech City: Berlin
Tech State/Province: Berlin
Tech Postal Code: 10117
Tech Country: DE
Tech Phone: +49.1805522744
Tech Phone Ext:
Tech Fax: +49.1805522944
Tech Fax Ext:
Tech Email: godaddy@icontent.org
Name Server: ns1.sedoparking.com
Name Server: ns2.sedoparking.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: Whois Inaccuracy Complaint Form | ICANN
>>> Last update of WHOIS database: 2018-01-25T05:32:49Z <<<
For more information on Whois status codes, please visit EPP Status Codes | What Do They Mean, and Why Should I Know? - ICANN
Network IP address lookup:
Whois query for 72.52.4.120...
Results returned from whois.arin.net:
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: Whois Terms of Use
#
# If you see inaccuracies in the results, please report at
# ARIN - American Registry for Internet Numbers
#
#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=...alse&showNonArinTopLevelNet=false&ext=netref2
#
NetRange: 72.52.0.0 - 72.52.63.255
CIDR: 72.52.0.0/18
NetName: PROLEXIC
NetHandle: NET-72-52-0-0-1
Parent: NET72 (NET-72-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Akamai Technologies, Inc. (AKAMAI)
RegDate: 2005-07-11
Updated: 2015-06-24
Ref: https://whois.arin.net/rest/net/NET-72-52-0-0-1
OrgName: Akamai Technologies, Inc.
OrgId: AKAMAI
Address: 150 Broadway
City: Cambridge
StateProv: MA
PostalCode: 02142
Country: US
RegDate: 1999-01-21
Updated: 2017-03-07
Ref: https://whois.arin.net/rest/org/AKAMAI
OrgAbuseHandle: NUS-ARIN
OrgAbuseName: NOC United States
OrgAbusePhone: +1-617-444-2535
OrgAbuseEmail: abuse@akamai.com
OrgAbuseRef: https://whois.arin.net/rest/poc/NUS-ARIN
OrgTechHandle: SJS98-ARIN
OrgTechName: Schecter, Steven Jay
OrgTechPhone: +1-617-274-7134
OrgTechEmail: ip-admin@akamai.com
OrgTechRef: https://whois.arin.net/rest/poc/SJS98-ARIN
OrgTechHandle: ZIPKI-ARIN
OrgTechName: Zipkin, Justin
OrgTechPhone: +1-617-444-9713
OrgTechEmail: ip-admin@akamai.com
OrgTechRef: https://whois.arin.net/rest/poc/ZIPKI-ARIN
OrgTechHandle: IPADM11-ARIN
OrgTechName: ipadmin
OrgTechPhone: +1-617-444-0017
OrgTechEmail: ip-admin@akamai.com
OrgTechRef: https://whois.arin.net/rest/poc/IPADM11-ARIN
 
Outlook version
Outlook 2016 32 bit
Email Account
Office 365 Exchange
#2
It's just Outlook being stupid, not a hacker. :) It sounds like the contact doesn't have an email address or Outlook thinks the phone # is a valid alias. I don't know if it's unique to the Android version or if the iPhone version does it too (I haven't noticed it, but that doesn't mean much.)
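
A check for the symptom described in this thread, as an added example that is not part of the original posts: it scans recipient header values (for instance the To/Cc lines of sent messages) for addresses at unknown.email or with a phone number as the local part. The function names and the sample headers are constructed for illustration.

```python
import re
from email.utils import getaddresses

# Placeholder domain reported in this thread.
PLACEHOLDER_DOMAINS = {"unknown.email"}
# Local part made only of digits and phone punctuation.
PHONE_CHARS = re.compile(r"^\+?[\d\-. ()]+$")


def looks_like_phone(local_part):
    """True when the local part is phone punctuation plus 7 to 15 digits."""
    digits = re.sub(r"\D", "", local_part)
    return bool(PHONE_CHARS.match(local_part)) and 7 <= len(digits) <= 15


def audit_recipients(header_values):
    """Return (display_name, address, reasons) for each suspicious recipient."""
    findings = []
    for name, addr in getaddresses(header_values):
        if "@" not in addr:
            continue  # not a usable address, nothing to classify
        local, _, domain = addr.rpartition("@")
        reasons = []
        if domain.lower() in PLACEHOLDER_DOMAINS:
            reasons.append("placeholder-domain")
        if looks_like_phone(local):
            reasons.append("phone-number-local-part")
        if reasons:
            findings.append((name, addr, reasons))
    return findings


# Constructed sample recipient headers (fictional names and 555-01xx numbers).
SAMPLE_HEADERS = [
    "Mom <555-010-0199@Unknown.Email>, Alice Example <alice@example.com>",
    '"Bob Example" <bob@example.org>',
    "Carol <+15550100123@unknown.email>",
]

if __name__ == "__main__":
    for name, addr, reasons in audit_recipients(SAMPLE_HEADERS):
        print(f"{name!r} -> {addr} ({', '.join(reasons)})")
```

Messages flagged this way went to a synthesized address rather than the contact's real mailbox, so they are the ones to review and resend.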
 
