TOKYO (MacHouse) – It’s not rare to see pharmacy channels at YouTube these days. For example, there are two such channels that we found at YouTube. One is DenielSaban’s Channel and the other Billviagradone’s Channel (See Screenshot 01-2.). There are more. A cyber terrorist group behind the website of pills-deals.com often advertises their YouTube channels through spam comments sent to blogs and forums. (See Screenshot 03.) Many webmasters know that. You don’t run a website? If you don’t, there’s an easy of finding these pharmacy channels at YouTube. Just ask YouTube’s parent company Google. If you ask Google about ‘youtube pills-deals.com,’ you can easily find a couple of such pharmacy channels. (See Screenshot 04.)
 Screenshot 01 – Source: YouTube |
 Screenshot 02 – Source: YouTube |
 Screenshot 03 – Source: MacHouse |
So I wonder if the webmaster of the fake online pharmacy store at pills-deals.com has a partnership deal with YouTube? We have a bitter experience in this respect. Our YouTube videos as a whole have been watched more than a million times despite the fact that we have never sent an invitation to anyone. Naturally, YouTube found our channel several months ago. And they invited us to their partnership program. But they rejected us by saying that we were from China, which isn’t true, and then that we aren’t eligible after all.
Anyway, if you are thinking about buying anything from this fake online pharmacy store, don’t. It’s been around for a while. But it’s nothing about a fake online store collecting credit card information just like the fake one under the name of Canadian Health Care that we featured in the last report.
 Screenshot 04 – Source: Google |
 Screenshot 05 – Source: pills-deals.com |
 Screenshot 06 – Source: MacHouse |
It’s not very difficult to find out that the pharmacy store website of pills-deals.com is fake. If you go to its checkout form, it says ’100% SECURE CREDIT CARD TRANSACTION.’ But it’s not secure because it comes with no secure layer. (See Screenshot 05.) If you enter a credit card number, the order form won’t process your order because it’s only designed to collect information.
We know and many people know that this is a fake online store. Or do we? If we do, why is it still around? That’s mostly because victims don’t go after the cyber terrorist group behind this fake online store. Can WE destroy the website? We don’t know. That’s possible. Do we want to do it? Oh, no. MacHouse isn’t even a victim. Our main terminal is about to retire, anyway. So we won’t.
We can say that this cyber terrorist group is good at hiding the web host of the fake pharmacy store website. If you lookup its domain, it comes with 6 nameservers. They are ns1.adverdomain.com, ns2.adverdomain.com… (See Screenshot 06.) If you run a traceroute search on ns1.adverdomain.com, it will give you the IP address of 201.218.250.171. (See Screenshot 07.) This IP address appears to be located in Panama. In the meantime, if you look up this domain at DomainTools, the website seems to be hosted in Turkey. (See Screenshot 08.) We also used VisualRoute to locate the web hos of the fake pharmacy store website. The location is also tracked to Turkey with the IP address of 79.135.167.15. (See Screenshot 09.)
 Screenshot 07 – Source: MacHouse |
 Screenshot 08 – Source: domaintools.com |
 Screenshot 09 – Source: MacHouse |
Furthermore, that IP address appears to belong to a Turkish network company called sistemnet telekom. It’s not a web hosting company. That’s as far as we can go with tracing nameservers.
 Screenshot 10 – Source: Sistemnet Telekom |
 Screenshot 11 – Source: pills-deals.com |
 Screenshot 12 – Source: MacHouse |
Finally, there’s something interesting about this fake online pharmacy store hosted at the domain of pills-deals.com. At the very bottom of the checkout page, there is a contact e-mail address. It’s support@canadamedsupport.com If you look up this domain, its nameservers are designated as ns2.xinnet.cn and ns2.xinnetdns.com. XinNet Technology… Ahh, it’s a notorious Chinese domain registrar.
References:
Chinese Comedy: Fake Canadian Health Care Pharmacy Store Hosted at a Chinese Domain with Microsoft Certification
Click on the button to watch a documentation video. 
Click on the button to watch more documentation videos.
