On July 16, our spamtraps started getting solicitations about iZSearch.com – a new private way to search the Web. We figured this had to have been a crank, but it turns out it wasn’t. The mail is coming from 70.167.8.42 update 9/17: and from 178.168.111.21.
A group of Test our new search engine iZSearch.com spams followed in the end of July to beginning of August. Still, we didn’t react.
In late August, they started hitting spamtraps with subject lines lifted from the published work of the target address owners. Given the target addresses, and the content, it is clear that they have been harvesting (both!) from PubMed.
So, we listed their domain name, and their network range:
NetRange: 70.167.8.40 - 70.167.8.47 CIDR: 70.167.8.40/29 NetName: NETBLK-SD-IZS-OFHFC-70-167-8-40 NetHandle: NET-70-167-8-40-1 Parent: NETBLK-SD-OHFC-70-167-0-0 (NET-70-167-0-0-1) NetType: Reassigned OriginAS: Organization: iZSearch, Inc. (IZSEA) RegDate: 2015-04-07 Updated: 2015-04-07 Ref: http://whois.arin.net/rest/net/NET-70-167-8-40-1 OrgName: iZSearch, Inc. OrgId: IZSEA Address: 1921 Palomar Oaks Way Address: Suite 300 City: Carlsbad StateProv: CA PostalCode: 92008 Country: USRegDate: 2015-04-07 Updated: 2015-04-15 Ref: http://whois.arin.net/rest/org/IZSEA OrgTechHandle: BAITA-ARIN OrgTechName: Baitaluk, Michael OrgTechPhone: +1-858-480-9531 OrgTechEmail: baitaluk@gmail.com OrgTechRef: http://whois.arin.net/rest/poc/BAITA-ARIN OrgAbuseHandle: BAITA-ARIN OrgAbuseName: Baitaluk, Michael OrgAbusePhone: +1-858-480-9531 OrgAbuseEmail: baitaluk@gmail.com OrgAbuseRef: http://whois.arin.net/rest/poc/BAITA-ARIN
and will be informing Cox about it.
As an interesting side note, it appears that at least one major blocklist, SORBS, is listing the IP address 70.167.8.42 as well – and seems to have beat us to it.
If we had to guess we’d say iZSearch is an attempt to commercialize the authors’ earlier academic work, IntegromeDB. One would have thought that being a published author receiving Scientific Spam would have been a deterrent to sending it yourself, but as other examples on this site have shown, we’re clearly misled in such thoughts.
Also coming in from [178.168.111.21]
% Abuse contact for '178.168.111.21 - 178.168.111.21' is 'abuse@starnet.md'
inetnum: 178.168.111.21 - 178.168.111.21
netname: iZSearchNET
descr: iZSearch, Inc
descr: 1921 Palomar Oaks Way, Suite 300
descr: Carlsbad
country: US
% Information related to '178.168.0.0/17AS31252'
route: 178.168.0.0/17
descr: SC STARNET SRL
origin: AS31252
mnt-by: MNT-STARNETMD
created: 2010-03-18T13:56:47Z
last-modified: 2010-03-18T13:56:47Z
source: RIPE # Filtered
The sh1tweasels tell me that “We are very proud of your achievement”. Thanks, dudes, I’m glad to have lived up to your high expectations.
————————————
“Dr. Bimler David,
We have viewed your highlighted paper:
Multidimensional scaling of D15 caps: color-vision defects among tobacco smokers?
in Visual neuroscience
We are very proud of your achievement and wish you more success in your research.
You probably make a lot of searches for publications, patents and previous art in your field.
There is a danger that the artificial intelligence behind big search engine company like Google reverse-engineer people’s searches to point their own engineering team toward nascent, potentially profitable ideas.”
————————————
What is their first language?
I got a mail from them today..so its spam now, when i understand it right
or not?
@ Welcher Computer: If you didn’t ask to receive it, and we know that it’s bulk, and obviously it’s email, that makes it Unsolicited Bulk Email, and that’s all that counts.
Got mails from it too, but when i read this post and its comments, i know, that i can delete them without problems.
Thx for it