ROKSO
The Register of Known Spam Operations
Andreas Pohl



Country: Germany
State:
German pharmaceuticals spammer. Sells mostly erection-dysfunction drugs through web sites advertised in spam emails.



Spamming Strategy


[Update 2012-12-27]

After Spamhaus started to investigate Andreas Pohl's spam operation, he changed his spam strategy. He is still sending out large amounts of spam, but the spam emails no longer contain any of the domain names used by Andreas Pohl's online drug shops / spammer brands:


Spam sample
===================================
Received: from mx01.xrvmail.com ([173.166.124.210]) by X
(X) with ESMTP (X) id X for
<X>; Tue, 25 Dec 2012 X
Message-ID: <X@bootstaufe.de>
Date: Mon, 24 Dec 2012 X
From: Info-Apotheke <X>
X-Accept-Language: en-us
MIME-Version: 1.0
To: X
Subject: =?iso-8859-1?B?QW5vbnltIFZpYWdyYS1PbmxpbmU=?=
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Envelope-To: X


We at "Swiss-Apotheke" offer you a discreet way
to buy potency drugs.

- Large range of potency products
- Original Viagra and generic potency drugs
- Lower prices than local pharmacies
- Discreet, anonymous ordering
- Shipping costs included

You can reach our website via Google/web/search
===================================

The recent spam campaigns sent out by Andreas Pohl advise the recipient of the email to Google for the spam brand, in the case outlined above 'Swiss-Apotheke', which leads to one of Andreas Pohl's well-known spam brands:

hXXp://www.swiss-apotheke.org/
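
A URI blocklist lookup has nothing to match in a message like this, so filtering has to fall back on content. The Python below is an added example, not Spamhaus code: it decodes the MIME-encoded Subject, extracts URIs, and flags a body that names a quoted brand and tells the reader to search for it instead of linking. The cue-word list, the quoted-name heuristic and both messages are assumptions constructed for illustration (modelled on the sample above, with its Subject header and a placeholder sender address).

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Plain and defanged URIs, plus bare "www." hosts.
URI_RE = re.compile(r"(?:https?|hxxps?)://\S+|\bwww\.\S+", re.I)
# Assumption: small German/English cue list for "look us up" wording.
SEARCH_CUE_RE = re.compile(r"\b(?:google|suche|search)\b", re.I)
# Assumption: the advertised brand appears as a short double-quoted name.
QUOTED_NAME_RE = re.compile(r'"([^"\n]{3,40})"')


def analyse(raw):
    """Return decoded subject, URIs, quoted brands and the URL-less verdict."""
    msg = message_from_string(raw)
    # RFC 2047 encoded-words hide the subject from naive keyword matching.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    body = msg.get_payload()
    uris = URI_RE.findall(body)
    brands = QUOTED_NAME_RE.findall(body)
    cue = SEARCH_CUE_RE.search(body) is not None
    return {
        "subject": subject,
        "uris": uris,      # empty list: nothing to submit to a URI blocklist
        "brands": brands,  # candidate search terms for the analyst
        "search_instead_of_link": not uris and cue and bool(brands),
    }


# Constructed message in the style of the sample (German, no URI in the body).
URL_LESS = (
    "From: Info-Apotheke <sender@example.invalid>\n"
    "Subject: =?iso-8859-1?B?QW5vbnltIFZpYWdyYS1PbmxpbmU=?=\n"
    'Content-Type: text/plain; charset="iso-8859-1"\n'
    "\n"
    'Wir von "Swiss-Apotheke" bieten Ihnen die diskrete Moeglichkeit\n'
    "Potenzmittel zu kaufen.\n"
    "Unsere Webseite erreichen Sie per Google/Web/Suche\n"
)
# Constructed counter-example: same text, but with a (placeholder) link.
WITH_LINK = URL_LESS.replace("per Google/Web/Suche", "unter hXXp://shop.example/")

if __name__ == "__main__":
    for name, raw in (("URL_LESS", URL_LESS), ("WITH_LINK", WITH_LINK)):
        print(name, analyse(raw))
```
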
_______________________________________________

[2012-11-08]
Andreas Pohl advertises a long list of domain names in spam emails. (See the "Landing pages" section of this entry.) A web site at one of these domains redirects the visitor to a different web site, which hosts the real drug shop.

Example:
hXXp://potenzmittelkaufen.us [URI in spam]
--> Drug shop: hXXp://swiss.verifizierte-online-apotheke.de:8080/ [Landing page]
---> Payment site: https://www.secure-online-checkout.net/de/checkout2/ [Landing page]

Using this strategy, Andreas Pohl attempts to ensure that only the throwaway domains advertised in his spam emails are blacklisted and suspended. Additionally, he outsources payment processing and customer support service to separate web sites on separate domains.
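
The defensive counterpart is to record each redirect chain and pivot on the hosts the throwaway domains share. The Python below is an added example, not Spamhaus tooling: it indexes already-recorded chains by downstream domain and ranks those domains by how many advertised domains feed them. The first chain is the example above; the other two use constructed `.example` placeholders, and the last-two-labels domain rule is a simplifying assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def refang(url):
    """Make a defanged 'hXXp://' URL parseable again (nothing is fetched)."""
    return url.replace("hXXp", "http", 1)


def site(url):
    """Registrable domain of a URL, ignoring port and path.
    Assumption: naive last-two-labels rule, adequate for the names used
    here; production code should use the Public Suffix List."""
    host = urlsplit(refang(url)).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def shared_infrastructure(chains):
    """Map each downstream domain to the advertised domains that reach it."""
    index = defaultdict(set)
    for chain in chains:
        entry = site(chain[0])        # domain that appeared in the spam
        for hop in chain[1:]:         # shop, payment site, ...
            downstream = site(hop)
            if downstream != entry:
                index[downstream].add(entry)
    return dict(index)


def listing_priorities(chains):
    """Downstream domains, most widely shared first (ties sorted by name)."""
    index = shared_infrastructure(chains)
    return sorted(index, key=lambda d: (-len(index[d]), d))


# Chain 1 is the example from this record; chains 2 and 3 are constructed.
CHAINS = [
    ["hXXp://potenzmittelkaufen.us",
     "hXXp://swiss.verifizierte-online-apotheke.de:8080/",
     "https://www.secure-online-checkout.net/de/checkout2/"],
    ["hXXp://throwaway-one.example",
     "hXXp://swiss.verifizierte-online-apotheke.de:8080/",
     "https://www.secure-online-checkout.net/de/checkout2/"],
    ["hXXp://throwaway-two.example",
     "hXXp://other-shop.example/",
     "https://www.secure-online-checkout.net/de/checkout2/"],
]

if __name__ == "__main__":
    for domain in listing_priorities(CHAINS):
        print(domain, sorted(shared_infrastructure(CHAINS)[domain]))
```
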

Customer support service:

"If you have ordered from Swiss Apotheke in the past, you already have a username and a password. If you have forgotten your username or password, please enter your e-mail address below and a message with a new username and password will be sent to you.

If you do not receive the message, please contact our customer service at service@customer-support24.com."

Ref.: swiss.verifizierte-online-apotheke.de

Payment processing site:
https://www.secure-online-checkout.net/de/checkout2/
______________________________________________

Whois record for "secure-online-checkout.net":

Registrar: IP Mirror Pte Ltd
Registrar Whois: whois.ipmirror.com
Website: http://www.ipmirror.com
Domain Name: secure-online-checkout.net
Domain nameservers listed in order:
ns10.dnsmadeeasy.com
ns11.dnsmadeeasy.com
ns12.dnsmadeeasy.com
ns13.dnsmadeeasy.com
ns14.dnsmadeeasy.com


Registration Date: 2009-08-27
Expiration Date: 2013-08-27
Domain last updated on: 2012-08-14

Registrant Contact:
Organization: Premium Registration Service
Name: This domain is protected by SafestWhois(TM)
Street 1: 9 Hongkong Street
Street 2: #01-01
City: Singapore
Postal Code: 059652
Country: Singapore
Email Address: enforcement@safestwhois.com
Tel 1: 65.62220105
Fax: 65.62220210


Administrator Contact:
Organization: Premium Registration Service
Name: This domain is protected by SafestWhois(TM)
Street 1: 9 Hongkong Street
Street 2: #01-01
City: Singapore
Postal Code: 059652
Country: Singapore
Email Address: enforcement@safestwhois.com
Tel 1: 65.62220105
Fax: 65.62220210


Technical Contact:
Organization: Premium Registration Service
Name: This domain is protected by SafestWhois(TM)
Street 1: 9 Hongkong Street
Street 2: #01-01
City: Singapore
Postal Code: 059652
Country: Singapore
Email Address: enforcement@safestwhois.com
Tel 1: 65.62220105
Fax: 65.62220210


Billing Contact:
Organization: Premium Registration Service
Name: This domain is protected by SafestWhois(TM)
Street 1: 9 Hongkong Street
Street 2: #01-01
City: Singapore
Postal Code: 059652
Country: Singapore
Email Address: enforcement@safestwhois.com
Tel 1: 65.62220105
Fax: 65.62220210
______________________________________________

Whois record for "verifizierte-online-apotheke.de":

Domain: verifizierte-online-apotheke.de
Nserver: dns1.name-services.com
Nserver: dns2.name-services.com
Nserver: dns3.name-services.com
Nserver: dns4.name-services.com
Nserver: dns5.name-services.com
Status: connect
Changed: 2012-09-18T12:41:28+02:00

[Tech-C]
Type: PERSON
Name: Andreas Pohl
Organisation: Andreas Pohl Media Ltd.
Address: Sophienstrasse 95
PostalCode: 76131
City: Karlsruhe
CountryCode: DE
Phone: +1.439209323209
Fax: +1.323232323
Email: andreas-pohl@bund.us
Remarks: Created by LifeGuard at 4/16/2012 10:17:18 PM
Changed: 2012-04-17T07:17:17+02:00

[Zone-C]
Type: PERSON
Name: Andreas Pohl
Organisation: Andreas Pohl Media Ltd.
Address: Sophienstrasse 95
PostalCode: 76131
City: Karlsruhe
CountryCode: DE
Phone: +1.439209323209
Fax: +1.323232323
Email: andreas-pohl@bund.us
Remarks: Created by LifeGuard at 4/16/2012 10:17:18 PM


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK9769/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.