Another method of how cyber criminals operate online. These idiots have no morals.
When I began posting on The Sanford Family Misfit, I never dreamed people would actually read the things I posted. Who would’ve thought I’d eventually earn myself a few loyal readers? It never crossed my mind – the same way it never crossed my mind that I would eventually run into the occasional splog out to turn a buck off of my research, writing, and/or photos. Let’s be honest, at the time I didn’t even know what a splog was.
What is a splog?
A splog is a spam blog. Sploggers basically steal content from legitimate bloggers and repost to their own sites as a way of skewing search results and falsely generating traffic. Basically, they are leeches. You can find more information on splogs here, here, and here.
How do Sploggers steal content?Sploggers “scrape” a blogs content by leeching off of RSS feeds or copying content directly from the original source. This process is explained more thoroughly here.
What do splogs have to do with Rssing.com?
I recently ran a Google search for The Sanford Family Misfit (I randomly do this from time to time) and bumped into a site called Rssing.com.
Source:http://www.sanfordfamilymisfit.com/updated-copyright-and-rssing-com/
Address lookup
canonical name archive.is
aliases
addresses 91.121.84.91
Domain Whois record
Queried whois.isnet.is with “archive.is”…
% This is the ISNIC Whois server.
%
% Rights restricted by copyright.
% See http://www.isnic.is/copyright.php
domain: archive.is
descr: Denis Petrov
descr: 16 Bilkova
descr: CZ-11000 Prague
admin-c: DP36-IS
tech-c: DP36-IS
zone-c: JB51-IS
billing-c: DP36-IS
nserver: ns.rackspace.com
nserver: ns2.rackspace.com
created: May 16 2012
expires: May 16 2014
source: ISNIC
person: Denis Petrov
address: 16 Bilkova
address: CZ-11000 Prague
e-mail: isnic@denis.biz
nic-hdl: DP36-IS
created: May 16 2012
source: ISNIC
person: Jason Bratton
address: 9725 Datapoint Drive, Suite 100
address: San Antonio, Texas 78229
address: US
phone: +001 210 3124475
e-mail: jbratton@rackspace.com
nic-hdl: JB51-IS
created: August 4 2008
source: ISNIC
Network Whois record
Queried whois.ripe.net with “-B 91.121.84.91″…
% Information related to ‘91.121.64.0 – 91.121.127.255’
inetnum: 91.121.64.0 – 91.121.127.255
netname: OVH
descr: OVH SAS
descr: Dedicated Servers
descr: http://www.ovh.com
country: FR
admin-c: OK217-RIPE
tech-c: OTC2-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
changed: noc@ovh.net 20080310
source: RIPE
role: OVH Technical Contact
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
e-mail: noc@ovh.net
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC2-RIPE
notify: noc@ovh.net
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
changed: noc@ovh.net 20101005
source: RIPE
person: Octave Klaba
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
phone: +33 9 74 53 13 23
e-mail: noc@ovh.net
nic-hdl: OK217-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
changed: noc@ovh.net 20101005
source: RIPE
% Information related to ‘91.121.0.0/17AS16276’
route: 91.121.0.0/17
descr: OVH ISP
descr: Paris, France
origin: AS16276
notify: noc@ovh.net
mnt-by: OVH-MNT
changed: noc@ovh.net 20070511
source: RIPE
% This query was served by the RIPE Database Query Service version 1.69 (WHOIS2)
DNS records
name class type data time to live
archive.is IN SOA
server: ns.rackspace.com
email: webmaster@archive.is
serial: 1380735343
refresh: 21600
retry: 3600
expire: 1814400
minimum ttl: 300
900s (00:15:00)
archive.is IN A 91.121.84.91 300s (00:05:00)
archive.is IN MX
preference: 30
exchange: aspmx4.googlemail.com
300s (00:05:00)
archive.is IN MX
preference: 30
exchange: aspmx3.googlemail.com
300s (00:05:00)
archive.is IN MX
preference: 30
exchange: aspmx2.googlemail.com
300s (00:05:00)
archive.is IN MX
preference: 30
exchange: aspmx5.googlemail.com
300s (00:05:00)
archive.is IN MX
preference: 20
exchange: alt1.aspmx.l.google.com
300s (00:05:00)
archive.is IN MX
preference: 10
exchange: aspmx.l.google.com
300s (00:05:00)
archive.is IN MX
preference: 20
exchange: alt2.aspmx.l.google.com
300s (00:05:00)
archive.is IN NS ns.rackspace.com 86400s (1.00:00:00)
archive.is IN NS ns2.rackspace.com 86400s (1.00:00:00)
91.84.121.91.in-addr.arpa IN PTR k1.archive.is 86400s (1.00:00:00)
84.121.91.in-addr.arpa IN SOA
server: dns10.ovh.net
email: tech@ovh.net
serial: 2013100600
refresh: 43200
retry: 4320
expire: 2419200
minimum ttl: 86400
86400s (1.00:00:00)
84.121.91.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 7200 (02:00:00)
signature expiration: 2013-11-06 10:10:11Z
signature inception: 2013-10-07 09:10:11Z
key tag: 4467
signer’s name: 91.in-addr.arpa
signature:
(1024 bits)
2877E9D2DBA40062204EA668FF51A4C6
E503D50220B1DEE06ECDC07FD9F256C6
47598B34A7701A30063E3933096CFF5D
D124DFE2ADEF9904885FAAA36A1FE38C
DDE6B89C9531B1699216E269EF2898B1
688DE9050C6C1192BB55A3AC5CFC506F
05CBD04CE170419D1CB5EB14CF003155
9824B910E7B04BB6818C8DCF81A0A383
7200s (02:00:00)
84.121.91.in-addr.arpa IN NSEC
next domain name: 85.121.91.in-addr.arpa
record types: NS RRSIG NSEC
7200s (02:00:00)
84.121.91.in-addr.arpa IN NS dns10.ovh.net 8128s (02:15:28)
84.121.91.in-addr.arpa IN NS ns10.ovh.net 8128s (02:15:28)
— end —
Related Article:
http://fraudulent107.rssing.com/browser.php?indx=15224477&item=1
scamFRAUDalert™ Report 
scamFRAUDalert Report » BANK alert___ – Rssing.com
scamfraudalert211.rssing.com/chan-31116135/all_p1.html
4 days ago – … 05/25/14–07:46: _enterprise-holdings… 08/27/14–11:31: _erick@usacareerorg.com · 08/28/14–12:22: _WhoIs 888-529-4329.com. (showing …
scamFRAUDalert Report » money mule reruitment
reruitment1.rssing.com/chan-31130922/all_p1.html
08/27/14–11:31: _erick@usacareerorg.com · 08/28/14–10:30: _WhoIs job4u.com ? 08/28/14–10:47: _WhoIs http://www.dscginc.com. (showing articles 1 to 7 of 7) …
Address lookup
canonical name denis.biz
aliases
addresses 216.239.36.21
216.239.38.21
216.239.34.21
216.239.32.21
Domain Whois record
Queried whois.biz with “denis.biz
Domain Name: DENIS.BIZ
Domain ID: D1119599-BIZ
Sponsoring Registrar: GANDI SAS
Sponsoring Registrar IANA ID: 81
Registrar URL (registration services): whois.gandi.net
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Registrant ID: 0-1698979-GANDI
Registrant Name: Nathan Miller
Registrant Organization: Registrant
Registrant Address1: nevsky 30
Registrant City: stpetersburg
Registrant Postal Code: 191000
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +420.775168924
Registrant Email: directnic@camfex.cz
Administrative Contact ID: DP3452-GANDI
Administrative Contact Name: Denis Petrov
Administrative Contact Address1: 33/862 Leninsky
Administrative Contact City: St.Petersburg
Administrative Contact Postal Code: 191000
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +420.775168924
Administrative Contact Facsimile Number: +33.1
Administrative Contact Email: 81255d937cb00075e81aea71d6c81e2a-1239883@contact.gandi.net
Billing Contact ID: AR41-GANDI
Billing Contact Name: Service Technique
Billing Contact Organization: Gandi SARL
Billing Contact Address1: 63 – 65 Boulevard Massena
Billing Contact City: Paris
Billing Contact Postal Code: 75013
Billing Contact Country: France
Billing Contact Country Code: FR
Billing Contact Phone Number: +33.143737851
Billing Contact Email: support@gandi.net
Technical Contact ID: AR41-GANDI
Technical Contact Name: Service Technique
Technical Contact Organization: Gandi SARL
Technical Contact Address1: 63 – 65 Boulevard Massena
Technical Contact City: Paris
Technical Contact Postal Code: 75013
Technical Contact Country: France
Technical Contact Country Code: FR
Technical Contact Phone Number: +33.143737851
Technical Contact Email: support@gandi.net
Name Server: C.DNS.GANDI.NET
Name Server: B.DNS.GANDI.NET
Name Server: A.DNS.GANDI.NET
Created by Registrar: DNC HOLDINGS, INC.
Last Updated by Registrar: GANDI SAS
Last Transferred Date: Mon Nov 29 01:27:12 GMT 2010
Domain Registration Date: Wed Nov 07 16:20:42 GMT 2001
Domain Expiration Date: Mon Nov 06 23:59:59 GMT 2017
Domain Last Updated Date: Sat Dec 04 21:54:01 GMT 2010
>>>> Whois database was last updated on: Sun Dec 01 21:12:02 GMT 2013 <<<<
Network Whois record
Queried whois.arin.net with "n 216.239.36.21"…
NetRange: 216.239.32.0 – 216.239.63.255
CIDR: 216.239.32.0/19
OriginAS:
NetName: GOOGLE
NetHandle: NET-216-239-32-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
RegDate: 2000-11-22
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-216-239-32-0-1
OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2013-08-07
Ref: http://whois.arin.net/rest/org/GOGL
OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: arin-contact@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN
OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN
RTechHandle: ZG39-ARIN
RTechName: Google Inc
RTechPhone: +1-650-253-0000
RTechEmail: arin-contact@google.com
RTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN
DNS records
name class type data time to live
denis.biz IN SOA
server: a.dns.gandi.net
email: hostmaster@gandi.net
serial: 1291499697
refresh: 10800
retry: 3600
expire: 604800
minimum ttl: 10800
10800s (03:00:00)
denis.biz IN MX
preference: 20
exchange: alt2.aspmx.l.google.com
10800s (03:00:00)
denis.biz IN MX
preference: 30
exchange: aspmx5.googlemail.com
10800s (03:00:00)
denis.biz IN MX
preference: 30
exchange: aspmx2.googlemail.com
10800s (03:00:00)
denis.biz IN MX
preference: 10
exchange: aspmx.l.google.com
10800s (03:00:00)
denis.biz IN MX
preference: 20
exchange: alt1.aspmx.l.google.com
10800s (03:00:00)
denis.biz IN MX
preference: 30
exchange: aspmx4.googlemail.com
10800s (03:00:00)
denis.biz IN MX
preference: 30
exchange: aspmx3.googlemail.com
10800s (03:00:00)
denis.biz IN A 216.239.36.21 10800s (03:00:00)
denis.biz IN A 216.239.38.21 10800s (03:00:00)
denis.biz IN A 216.239.32.21 10800s (03:00:00)
denis.biz IN A 216.239.34.21 10800s (03:00:00)
denis.biz IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-256 (8)
labels: 2
original ttl: 86400 (1.00:00:00)
signature expiration: 2013-12-31 03:44:35Z
signature inception: 2013-12-01 03:35:58Z
key tag: 34359
signer's name: biz
signature:
(1024 bits)
6ED3B3BB7A1BFC473F6F7327287DDAE4
17395095F46A82E3FBF3628F14F4667F
E26F2823F8E3572C709FF3B03A662EFF
9B55667A08B10D0600A7898647231B9A
9FFB0D3D34ABCAFEFB4BAC8DB384BEE8
8213D2359B1550AC48F7BB41E9FBA677
2CB62C676CC2EE3FEA199055B162078D
EE8E31B558EF18223689B4658E542886
86400s (1.00:00:00)
denis.biz IN NSEC
next domain name: denis-desgranges.biz
record types: NS RRSIG NSEC
86400s (1.00:00:00)
denis.biz IN NS c.dns.gandi.net 7200s (02:00:00)
denis.biz IN NS a.dns.gandi.net 7200s (02:00:00)
denis.biz IN NS b.dns.gandi.net 7200s (02:00:00)
21.36.239.216.in-addr.arpa IN PTR any-in-2415.1e100.net 86400s (1.00:00:00)
36.239.216.in-addr.arpa IN SOA
server: ns1.google.com
email: dns-admin@google.com
serial: 2013091701
refresh: 21600
retry: 3600
expire: 1209600
minimum ttl: 10800
86400s (1.00:00:00)
36.239.216.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 10800 (03:00:00)
signature expiration: 2013-12-11 17:02:50Z
signature inception: 2013-12-01 17:02:50Z
key tag: 9680
signer's name: 216.in-addr.arpa
signature:
(1024 bits)
1423119C25AB2CF14BBAE12713BCB772
F3458AB357F2B8E3A8929BF980A1EFB6
3424573930599C3F1CE84226BA2D31B9
9D038A5A50173CD0B5F42C2C667BA35E
E5178D0BE254C8BA088128273C83E1AD
58F7403AF7FBF1EC7BC9023DF15900F3
C1010326237D8292B1C539A187A5D17C
82A97B95C3C41C0BDC861C846CC11A71
10800s (03:00:00)
36.239.216.in-addr.arpa IN NSEC
next domain name: 37.239.216.in-addr.arpa
record types: NS RRSIG NSEC
10800s (03:00:00)
36.239.216.in-addr.arpa IN NS ns4.google.com 14776s (04:06:16)
36.239.216.in-addr.arpa IN NS ns1.google.com 14776s (04:06:16)
36.239.216.in-addr.arpa IN NS ns2.google.com 14776s (04:06:16)
36.239.216.in-addr.arpa IN NS ns3.google.com 14776s (04:06:16)
— end —