ScienceDomain International and/or IK Press

Something calling itself “ScienceDomain International Ltd”, apparently of Third Floor, 207 Regent Street, London, W1B 3HH, continues to turn up in spamtraps. They have existed as a UK company twice, but both registrations have been dissolved (Reg. No 07794635 – Dissolved on 14 January 2014; Reg. No 08988029 – Dissolved on 24 November 2015). Nonetheless, they process personal data without ever having registered with the Information Commissioner’s Office, which in itself is a criminal act in the United Kingdom.


A recent spam led us to perform a reverse DNS scan of the OVH netblock 37.59.222.0/24. The relevant part ranges from .160 to .191:

161.222.59.37.in-addr.arpa. 86400 IN    PTR     server.ijeart-publication.net.
162.222.59.37.in-addr.arpa. 86400 IN    PTR     server3.sciencedomainn.net.
168.222.59.37.in-addr.arpa. 86400 IN    PTR     server5.mark-riese.net.
169.222.59.37.in-addr.arpa. 86400 IN    PTR     server4.mark-riese.net.
170.222.59.37.in-addr.arpa. 86400 IN    PTR     server3.mark-riese.net.
171.222.59.37.in-addr.arpa. 86400 IN    PTR     server2.mark-riese.net.
172.222.59.37.in-addr.arpa. 86400 IN    PTR     server1.mark-riese.net.
173.222.59.37.in-addr.arpa. 86400 IN    PTR     server.irpublication.me.
174.222.59.37.in-addr.arpa. 86400 IN    PTR     server.woar-journals.net.
175.222.59.37.in-addr.arpa. 86400 IN    PTR     server1.sciencedomainn.net.
176.222.59.37.in-addr.arpa. 86400 IN    PTR     server.eclatpub.net.
177.222.59.37.in-addr.arpa. 86400 IN    PTR     server.sciencedomaines.net.
178.222.59.37.in-addr.arpa. 86400 IN    PTR     server.indore-infoline.net.
179.222.59.37.in-addr.arpa. 86400 IN    PTR     server.ijoear.website.
180.222.59.37.in-addr.arpa. 86400 IN    PTR     server.ijoer.org.
181.222.59.37.in-addr.arpa. 86400 IN    PTR     server2.sciencedomainn.net.
182.222.59.37.in-addr.arpa. 86400 IN    PTR     server1.ikpres.net.
183.222.59.37.in-addr.arpa. 86400 IN    PTR     server.ikpres.net.
184.222.59.37.in-addr.arpa. 86400 IN    PTR     server.mark-riese.net.
185.222.59.37.in-addr.arpa. 86400 IN    PTR     server.erpublication.net.
187.222.59.37.in-addr.arpa. 86400 IN    PTR     server.ijeas.biz.
188.222.59.37.in-addr.arpa. 86400 IN    PTR     server.ijntr.com.
189.222.59.37.in-addr.arpa. 86400 IN    PTR     server.astropublication.net.
190.222.59.37.in-addr.arpa. 86400 IN    PTR     server.actiondna.biz.

which gives us some identification and a few more IPs and domain names to list. Out of the above, ijeart-publication.net had already been listed on 20151218, sciencedomaines.net yesterday (20160101), ijoer.org on 20151208, ikpres.net 20151226, erpublication.net 20151110, ijeas.biz 20151029, ijntr.com as IKPRESS 20150826, and astropublication.net as enet-blaster on 20151128.

The /24 and all remaining domain names have now been listed. OVH will be alerted.
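
The reverse DNS listing above can be turned into listing candidates mechanically. The following is an added example, not code from the original post: it parses dig-style PTR answer lines (a few copied from the listing), groups addresses by the last two labels of the PTR target (a simplification that ignores the public suffix list), and computes the smallest single CIDR block containing every address seen. All function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# A few PTR answers copied from the listing above, in dig output format.
SAMPLE = """\
161.222.59.37.in-addr.arpa. 86400 IN    PTR     server.ijeart-publication.net.
162.222.59.37.in-addr.arpa. 86400 IN    PTR     server3.sciencedomainn.net.
172.222.59.37.in-addr.arpa. 86400 IN    PTR     server1.mark-riese.net.
175.222.59.37.in-addr.arpa. 86400 IN    PTR     server1.sciencedomainn.net.
184.222.59.37.in-addr.arpa. 86400 IN    PTR     server.mark-riese.net.
190.222.59.37.in-addr.arpa. 86400 IN    PTR     server.actiondna.biz.
"""

def parse_ptr(line):
    """Return (IPv4Address, hostname) for one PTR answer line, or None."""
    fields = line.split()
    if len(fields) != 5 or fields[2:4] != ["IN", "PTR"]:
        return None
    owner = fields[0].rstrip(".").lower()
    if not owner.endswith(".in-addr.arpa"):
        return None
    # The owner name holds the octets in reverse order.
    octets = owner[: -len(".in-addr.arpa")].split(".")
    try:
        ip = ipaddress.IPv4Address(".".join(reversed(octets)))
    except ipaddress.AddressValueError:
        return None
    return ip, fields[4].rstrip(".").lower()

def group_by_domain(text):
    """Map each domain (last two labels of the PTR target) to its sorted IPs."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_ptr(line)
        if rec:
            ip, host = rec
            groups[".".join(host.split(".")[-2:])].append(ip)
    return {domain: sorted(ips) for domain, ips in groups.items()}

def smallest_covering_network(ips):
    """Smallest single CIDR block that contains every address in ips."""
    lo, hi = int(min(ips)), int(max(ips))
    prefix = 32 - (lo ^ hi).bit_length()  # length of the shared leading bits
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ipaddress.IPv4Network((lo & mask, prefix))
```

On the sample records the covering block is the /27 spanning .160 to .191, the same range the post singles out.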

4 thoughts on “ScienceDomain International and/or IK Press”

  1. RocketScientist Post author

    In February 2015, they were spamming through SendGrid, and were promptly terminated by the same.

    In March 2015, they were spamming through Turbo-SMTP, and were promptly terminated by the same.

    In April 2015, they were spamming through Mandrill, and (yes, you guessed it) were promptly terminated by the same. X-Mandrill-User: md_30321211

  2. RocketScientist Post author

    Fresh spam in:

    Received-SPF: pass (ikkprress.com: 69.197.144.195 is authorized to use          
            [email protected]' in 'mfrom' identity (mechanism                      
            'ip4:69.197.144.192/27' matched)) receiver=x
            identity=mailfrom; envelope-from="[email protected]";                   
            helo=mta1.ikpreess.com; client-ip=69.197.144.195                        
    

    Let’s see about this netblock:

    195.144.197.69.in-addr.arpa. 38400 IN   PTR     mta1.ikpreess.com.
    196.144.197.69.in-addr.arpa. 38400 IN   PTR     mta2.ikpreess.com.
    204.144.197.69.in-addr.arpa. 29698 IN   PTR     mta1.sciiencedomaiins.com.
    205.144.197.69.in-addr.arpa. 38400 IN   PTR     mta2.sciiencedomaiins.com.
    206.144.197.69.in-addr.arpa. 38399 IN   PTR     mta3.sciiencedomaiins.com.
    207.144.197.69.in-addr.arpa. 38400 IN   PTR     mta4.sciiencedomaiins.com.
    208.144.197.69.in-addr.arpa. 38399 IN   PTR     mta5.sciiencedomaiins.com.
    209.144.197.69.in-addr.arpa. 38399 IN   PTR     mta6.sciiencedomaiins.com.
    210.144.197.69.in-addr.arpa. 33213 IN   PTR     mta3.ikpreess.com.
    211.144.197.69.in-addr.arpa. 38399 IN   PTR     mta4.ikpreess.com.
    

    This WholesaleInternet /24 is now listed. The /27 is not suballocated in ARIN WHOIS or WholesaleInternet RWHOIS, which is a violation of ARIN policies.

  3. RocketScientist Post author

    Response just in from the ICO, as well.

    I understand that you are concerned that Science Domain is not registered with the ICO for processing personal data and does not appear to have valid and up to date records on Companies House.

    After searching our register for data controllers, it appears to be the case that Science Domain is not registered with the ICO as you have outlined. I have therefore referred this matter to our Notifications department who will carry out the relevant steps in relation to Science Domain’s registration with us.

    Manisha Basumondal / Manisha Basu, DOB 4/1979, and Pinaki Mondal, DOB 12/1976, whatcha gonna do when dey come for you?
