{"id":211,"date":"2015-08-30T19:55:27","date_gmt":"2015-08-30T19:55:27","guid":{"rendered":"https:\/\/scientificspam.net\/?p=211"},"modified":"2015-09-18T03:03:15","modified_gmt":"2015-09-18T03:03:15","slug":"izsearch-new-private-search-engine-advertised-by-spam","status":"publish","type":"post","link":"https:\/\/www.scientificspam.net\/?p=211","title":{"rendered":"iZSearch: New &#8220;private&#8221; search engine &#8211; advertised by spam"},"content":{"rendered":"<p>On July 16, our spamtraps started getting solicitations about <em>iZSearch.com &#8211; a new private way to search the Web<\/em>.  We figured this had to have been a crank, but it turns out it wasn&#8217;t. The mail is coming from <strong>70.167.8.42<\/strong> <em>update 9\/17: and from <strong>178.168.111.21<\/strong><\/em>.<\/p>\n<p><!--more--><br \/>\nA group of <em>Test our new search engine iZSearch.com<\/em> spams followed from the end of July to the beginning of August. Still, we didn&#8217;t react.<\/p>\n<p>In late August, they started hitting spamtraps with subject lines lifted from the published work of the target address owners.  Given the target addresses, and the content, it is clear that they have been harvesting (both!) from PubMed.<\/p>\n<p>So, we listed their domain name, and their network range:<\/p>\n<pre>\r\nNetRange:       70.167.8.40 - 70.167.8.47\r\nCIDR:           70.167.8.40\/29\r\nNetName:        NETBLK-SD-IZS-OFHFC-70-167-8-40\r\nNetHandle:      NET-70-167-8-40-1\r\nParent:         NETBLK-SD-OHFC-70-167-0-0 (NET-70-167-0-0-1)\r\nNetType:        Reassigned\r\nOriginAS:       \r\nOrganization:   iZSearch, Inc. 
(IZSEA)\r\nRegDate:        2015-04-07\r\nUpdated:        2015-04-07\r\nRef:            http:\/\/whois.arin.net\/rest\/net\/NET-70-167-8-40-1\r\n\r\nOrgName:        iZSearch, Inc.\r\nOrgId:          IZSEA\r\nAddress:        1921 Palomar Oaks Way\r\nAddress:        Suite 300\r\nCity:           Carlsbad\r\nStateProv:      CA\r\nPostalCode:     92008\r\nCountry:        US\r\nRegDate:        2015-04-07\r\nUpdated:        2015-04-15\r\nRef:            http:\/\/whois.arin.net\/rest\/org\/IZSEA\r\n\r\nOrgTechHandle: BAITA-ARIN\r\nOrgTechName:   Baitaluk, Michael \r\nOrgTechPhone:  +1-858-480-9531 \r\nOrgTechEmail:  baitaluk@gmail.com\r\nOrgTechRef:    http:\/\/whois.arin.net\/rest\/poc\/BAITA-ARIN\r\n\r\nOrgAbuseHandle: BAITA-ARIN\r\nOrgAbuseName:   Baitaluk, Michael \r\nOrgAbusePhone:  +1-858-480-9531 \r\nOrgAbuseEmail:  baitaluk@gmail.com\r\nOrgAbuseRef:    http:\/\/whois.arin.net\/rest\/poc\/BAITA-ARIN\r\n<\/pre>\n<p>and will be informing Cox about it.<\/p>\n<p>As an interesting side note, it appears that at least one major blocklist, SORBS, is listing the IP address 70.167.8.42 as well &#8211; and seems to have beaten us to it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On July 16, our spamtraps started getting solicitations about iZSearch.com &#8211; a new private way to search the Web. We figured this had to have been a crank, but it turns out it wasn&#8217;t. 
The mail is coming from 70.167.8.42 update 9\/17: and from 178.168.111.21.<\/p>\n","protected":false},"author":1,"featured_media":215,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[113,112],"class_list":["post-211","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-j-random-spammer","tag-izsearch-inc","tag-izsearch-com"],"_links":{"self":[{"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/posts\/211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=211"}],"version-history":[{"count":4,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/posts\/211\/revisions"}],"predecessor-version":[{"id":225,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/posts\/211\/revisions\/225"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/media\/215"}],"wp:attachment":[{"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}