diff --git a/www/js/controllers/wot-controllers.js b/www/js/controllers/wot-controllers.js
index 2e3c8645cbce6135e9e9365fe764b0d19a36f2df..b7d9cd2c2b31cfbaa38f359d0c9eae164a11a8f6 100644
--- a/www/js/controllers/wot-controllers.js
+++ b/www/js/controllers/wot-controllers.js
@@ -162,7 +162,7 @@ angular.module('cesium.wot.controllers', ['cesium.services'])
 ;
 
 function WotLookupController($scope, $state, $q, $timeout, $focus, $location, $ionicPopover, $ionicHistory,
-                             UIUtils, csConfig, csCurrency, csSettings, Device, BMA, csWallet, csWot) {
+                             UIUtils, csConfig, csCurrency, csSettings, Device, BMA, csWallet, csWot, csCrypto) {
   'ngInject';
 
   var defaultSearchLimit = 10;
@@ -293,10 +293,28 @@ function WotLookupController($scope, $state, $q, $timeout, $focus, $location, $i
 
     $scope.search.loading = true;
     $scope.search.type = 'text';
+
+    // If checksum is correct, search on simple pubkey
+    let pubkeyWithCk;
+    if (BMA.regexp.PUBKEY_WITH_CHECKSUM.test(text)) {
+      console.debug("[wot] Validating pubkey checksum... ");
+      let matches = BMA.regexp.PUBKEY_WITH_CHECKSUM.exec(text);
+      console.log(matches)
+      pubkey = matches[1];
+      let checksum = matches[2];
+      let expectedChecksum = csCrypto.util.pkChecksum(pubkey);
+      if (checksum === expectedChecksum) {
+        console.debug("[wot] checksum {" + checksum + "} valid for pubkey {" + pubkey + "}")
+        text = pubkey
+        pubkeyWithCk = pubkey + ':' + checksum
+      }
+    }
+
     return csWot.search(text)
       .then(function(idties){
         if ($scope.search.type !== 'text') return; // could have change
-        if ($scope.search.text.trim() !== text) return; // search text has changed before received response
+        originText = $scope.search.text.trim();
+        if (originText !== text && originText !== pubkeyWithCk) return; // search text has changed before received response
 
         if ((!idties || !idties.length) && (BMA.regexp.PUBKEY.test(text) || BMA.regexp.PUBKEY_WITH_CHECKSUM.test(text))) {
           return BMA.uri.parse(text)
diff --git a/www/js/services/wot-services.js b/www/js/services/wot-services.js
index 87faa4c2c8144447df266a31f8b50e3aca06435e..da5e8b73378c0826f302f3d5c5e44061f3023d14 100644
--- a/www/js/services/wot-services.js
+++ b/www/js/services/wot-services.js
@@ -856,6 +856,15 @@ angular.module('cesium.wot.services', ['ngApi', 'cesium.bma.services', 'cesium.c
           return api.data.raisePromise.search(text, idties, 'pubkey')
             .then(function() {
 
+              // remove CS+ ids that match pubkey regex (considered attacks) - fix #959
+              idties = idties.filter(function(idty) {
+                if (BMA.regexp.PUBKEY.test(text) || BMA.regexp.PUBKEY_WITH_CHECKSUM.test(text)) {
+                  text_pk = text.split(':')[0]
+                  return idty.pubkey == text_pk
+                }
+                return true;
+              })
+
               // Make sure to add uid to new results - fix #488
               if (idties.length > lookupResultCount) {
                 var idtiesWithoutUid = _.filter(idties, function(idty) {