Threat Intelligence Blog

Posted October 18, 2018

When it comes to online shopping, the majority of consumers know to avoid “too-good-to-be-true” deals, yet online pharmacies have been mostly immune to this mindset.

Online pharmacies sound like a dream come true – they offer cheaper prices and conveniently bypass American red tape. However, certain storefronts like Canadian online pharmacies can pose a serious threat. Under further investigation, they lead to a deeply consequential Internet rabbit hole.

On the surface, some of these sites actually look trustworthy. Canada-pharm-online24[.]com, for example, has everything from antibiotics to painkillers that you can buy online. The website is visually attractive and provides a sense of professionalism – all tactics to build your trust in the shop’s legitimacy.

From the homepage, you’d never think this online pharmacy is Russian-made and hosted in Lithuania. It should raise some alarms as the FDA admits they do not know where these products are being sourced. The average consumer looking to purchase prescription drugs through cheaper channels has no real assurances of what they’re purchasing and from whom.


You can buy painkillers online but avoid Russian online pharma

LookingGlass recently tracked down and reported 68 Russian online pharmacies to authorities. These international online pharmacies posed as legitimate Canadian pharmacies, selling ‘authentic’ brand-name drugs from reputable and popular American-made pharmaceutical companies. While there are legitimate Canadian online pharmacies, there are none that legally ship drugs. Instead, these illegitimate storefronts source from outside of Canada from places that are not licensed pharmacies, or the drugs are shipped from locations such as India, Turkey, or Southeast Asia to a man-in-the-middle country that is perceived as “safe.”[1]

It should raise alarms to anyone purchasing drugs from an online pharmacy if the FDA cannot verify where the products are being sourced.

Further investigations revealed these suspicious sites originated in Moscow. An example of such a site is firstmed365[.]com, which is hosted in Lithuania and associated with an Ivan Sergeev, a possible pseudonym and a name associated with many of these Russian pharmacies. We suspect this campaign could have started as early as, or even before, March 2018.

Online pharmacy scams pose a serious threat to the average unassuming online consumer and can lead to severe and potentially life-threatening consequences. In an effort to stop these shady websites, LookingGlass has reported illegitimate Russian pharmacy websites that we’ve discovered to the abuse centers of registrars and hosting providers such as Cherryservers2-AS, Cloudie Limited, Hetzner-AS, Ovh, HZ-CA-AS, Servercrate, Hosthatch, Inc, DC74 LLC, Quasinetworks.

As for U.S. efforts, the FDA has said, “Illegal online pharmacies put American consumers’ health at risk by selling potentially dangerous products”[2] and is taking strides to fight these online pharmacies. Here are their suggestions to help avoid a problematic online pharmacy.

According to the FDA, the following are signs of a fake online pharmacy. Beware of online pharmacies that[3]:

  • Allow you to buy drugs without a prescription from your doctor
  • Offer deep discounts or cheap prices that seem too-good-to-be-true
  • Send spam or unsolicited email offering cheap drugs
  • Are located outside of the United States
  • Are not licensed in the United States

In addition to the sites listed in Appendix A, at one time you could buy painkillers online at first-meds24[.]com, helpfulmedstore[.]com, and cialisviagrasaletabs[.]com, but as of this posting, these Russian online pharmacies have already been shut down. Their generic naming scheme should be noted: the names usually do not stray far from ones that convey a lack of serious marketing and strong branding.

Not only do online pharmacies pose a risk to individual consumers’ health, but their existence also poses greater consequences for healthcare and pharma businesses. Online brand impersonation is not a joke and can destroy your brand’s reputation and credibility – ultimately costing your bottom line.

To learn more about how LookingGlass can protect your brand from impersonation, brand abuse, and more, contact us.



Hosting Providers


55933 – CLOUDIE-AS-AP Cloudie Limited, HK

24940 – HETZNER-AS, DE

16276 – OVH, FR

201525 – HZ-CA-AS, BG

20150 – AS20150 – ServerCrate, US

63473 – HOSTHATCH – HostHatch, Inc, US

17216 – DC74-AS – DC74 LLC, US


