On July 16, our spamtraps started getting solicitations about iZSearch.com – a new private way to search the Web. We figured this had to have been a crank, but it turns out it wasn’t. The mail is coming from 184.108.40.206 update 9/17: and from 220.127.116.11.
A group of Test our new search engine iZSearch.com spams followed in the end of July to beginning of August. Still, we didn’t react.
In late August, they started hitting spamtraps with subject lines lifted from the published work of the target address owners. Given the target addresses, and the content, it is clear that they have been harvesting (both!) from PubMed.
So, we listed their domain name, and their network range:
NetRange: 18.104.22.168 - 22.214.171.124 CIDR: 126.96.36.199/29 NetName: NETBLK-SD-IZS-OFHFC-70-167-8-40 NetHandle: NET-70-167-8-40-1 Parent: NETBLK-SD-OHFC-70-167-0-0 (NET-70-167-0-0-1) NetType: Reassigned OriginAS: Organization: iZSearch, Inc. (IZSEA) RegDate: 2015-04-07 Updated: 2015-04-07 Ref: http://whois.arin.net/rest/net/NET-70-167-8-40-1 OrgName: iZSearch, Inc. OrgId: IZSEA Address: 1921 Palomar Oaks Way Address: Suite 300 City: Carlsbad StateProv: CA PostalCode: 92008 Country: USRegDate: 2015-04-07 Updated: 2015-04-15 Ref: http://whois.arin.net/rest/org/IZSEA OrgTechHandle: BAITA-ARIN OrgTechName: Baitaluk, Michael OrgTechPhone: +1-858-480-9531 OrgTechEmail: [email protected] OrgTechRef: http://whois.arin.net/rest/poc/BAITA-ARIN OrgAbuseHandle: BAITA-ARIN OrgAbuseName: Baitaluk, Michael OrgAbusePhone: +1-858-480-9531 OrgAbuseEmail: [email protected] OrgAbuseRef: http://whois.arin.net/rest/poc/BAITA-ARIN
and will be informing Cox about it.
As an interesting side note, it appears that at least one major blocklist, SORBS, is listing the IP address 188.8.131.52 as well – and seems to have beat us to it.