Customize

[False Alarm]Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

Discussion in 'Media' started by lulznw, Jun 16, 2008.

Thread Status:
Not open for further replies.
  1. DeathHamster Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    Here's a snapshot of CoS's move to Prolexic in January:
    TSnapshot-01-31-08.jpg
    (Note the move of religiousfreedomwatch.org and CCHR inside CoS's shielding.)
  2. XenuLovesU Member

    Re: URGENT NEWS! Scientology Operates Illegal Drug Selling Site - GetWellRX

    It looks like you're comparing old chan data that was still being collected just as the cutover from CoS netblocks to Prolexic was started. This info was being updated even while the move was underway.

    Remember, it looks like most of these drug web sites went bye-bye in 2006, so any Scilon box being given a Prolexic IP in 2008 that was previously associated with 'em is like comparing apples and oranges. The CoS didn't move all their sites to Prolexic at once.
  3. Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    mod, can you add the following ot OP:

    According to a source, getwellrx.com was a scientology run site.

    Now, having gone over the evidence, there is no conclusive proof that Scientology operated the IP address when the site was in service. There are several mysterious connections, but nothing conclusive.

    Please investigate (or not) at your leisure.

    Thanks.
  4. lulznw Member

  5. lulznw Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    anonymousguyfalkes,

    I'll do it for you (as OP) to make sure that it is clear.
  6. Re: URGENT NEWS! Scientology Operates Illegal Drug Selling Site - GetWellRX

    I'm just providing data. I'm not asking anyone to or making any inferences yet.

    Yes old data is old. But it is part of the puzzle.
  7. core Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    Okay, I've looked through those screenshots and looked into it myself (a little) and it LOOKS correct. Those domains look like they're hosted on the same dedi and are all connected to Scientology.
  8. I <3 OSA Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    :flowers:

    ...getting better.
  9. Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    thank you kindly. i sent a lot of addresses out. sending out that many "nevermind, we're investigating" won't work out too well.

    however, it will prove that we fact check ourselves.
  10. XenuLovesU Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    Not to dredge up an old thread, but if you want a list of netblocks Scientology DOES control directly (as opposed to the stuff just hosted at Prolexic), this should help:

    http://forums.whyweprotest.net/8-ed...nning-web-site-scilons-might-interested-2581/

    If you find a site selling drugs on one of THOSE networks, then I'd be all over it like white on rice.
  11. Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    I think this is a gotcha:

    Those are both current dns's going to the same IP address. This is conclusive, no?

    Also, the error page for getwellrx.com is a prolexic page. Meaning the DNS records point to the ip address, but Scientology had Prolexic turn it off at their level.
  12. Kilia Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    I'm totally intrigued with this!
    Nice sleuthing, Anons!
    :flowers:
  13. XenuLovesU Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    Can you be more specific about what you mean by "I can confirm their validity?" and "...are all connected to Scientology?"

    - Yes, the domains exist.
    - No, they don't use Prolexic's or Scientology's DNS servers.
    - No, the domains are not registered to the CoS, or even anyone with a shown connection to them.
    - Yes, old DNS records at domain registrars like domaincontrol.com point to a Prolexic IP address.

    None of that is in contention.

    Can anyone (PLEASE) show me a screen shot of a drug web site RUNNING on the same Prolexic box as a Scientology site? All I've seen are DEAD websites circa 2006 that used to be at an IP address now occupied by a bunch of CoS web sites, who took over the IPs in January, 2008.

    Where. Is. This. Connection?

    If a porn site were running on 222.222.222.222 two years ago, then shut down... and I decided to give a hosting provider my business tomorrow and they gave me 222.222.222.222 as my IP address... does that connect me to the porn site?

    How about if OMGPORN.HOTNESS.COM's DNS still pointed to 222.222.222.222 two years after the site went under, because the domain name and stale DNS hadn't been cleaned up? Does that connect me to the porn site?

    Anyone see what I'm getting at here?
  14. Whanonstler Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    See? We can have nice things!
  15. DeathHamster Member

  16. core Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    Obviously.

    Look again.

    A KNOWN connection.

    Up-to-date host checks point to a Prolexic IP address.

    The situation that you suggested is extremely highly unlikely, and nigh-on impossible.
  17. anophalus Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    very wrong

    [IMG]
  18. Hoo Phar Ted Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    THIS. I was thinking the same thing, if something can be connected via Scientologies own IP's then it is more conlcusive. In the mean time anything coming out of the 72.52.0.0 - 72.52.63.255, is NOT exclusive to Scientology, it IS exclusive to Prolexic. Due to the number of scientology sites that switched over all at once to Prolexic, yes they took up a few IP's with mutiple sites per IP, however those are still shared IP's. You are still looking at Prolexic as being a true hosting site, their not, they are a proxy hosting site. The DNS entries for the domains are switched to point to a Prolexic server, which then re-routes requests back to wherever scientology actually hosts their info.

    Depending on which service you pay for from Prolexic their are 3 diferent methods that they use :
    1. Simple proxy which is re-routing incoming traffic back to a domains own servers after cleansing/filtering the crap out.
    2. Use of GRE tunnels which again is re-routing but creates a more secure Virtual Private Network
    3. Direct circuits which form a Private Network type connection with Prolexic

    Within all three types, the Owners of the domain supply the network, servers, or link to hosted servers. Prolexic is meerly a go-between. And since they have a limited block of IP's they have to share them with a multitude of different sites/domains so they use NAT protocols internal to Prolexic to push the traffic to the correct servers. The outside IP, if from Prolexic, is meaningless.

    Up to now I still have seen no link between this getwellrx.com site and any scientology site, except for the fact that they have both used Prolexic. But I know alot of Fortune 500, and a couple Fortune 100, companies that use Prolexic too that I can say are not Sci-related, nor are they related to each other and some of them share IP's. So at this point unless there are doc's out there to support the actual link, or a link to Scientologies own IP ranges, this seems very tinfoil and a bit of a wild goose chase. No offense, as I am sure the OP means well.
  19. XenuLovesU Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    OK.

    DNS SERVERS FOR GETWELLRX.COM:

    getwellrx.com. 3600 IN NS ns17.domaincontrol.com.
    getwellrx.com. 3600 IN NS ns18.domaincontrol.com.

    (NOT PROLEXIC, NOT COS... example... ns17 is at 64.202.165.120)

    DNS SERVERS FOR NUMBERONEMEDS.COM:

    numberonemeds.com. 3600 IN NS ns29.domaincontrol.com.
    numberonemeds.com. 3600 IN NS ns30.domaincontrol.com.

    (NOT PROLEXIC, NOT COS)

    Compare to www.scientology.org's nameservers:

    scientology.org. 14192 IN NS ns2.prolexic.net.
    scientology.org. 14192 IN NS ns1.prolexic.net.

    ns1 = 209.200.164.3, a PROLEXIC IP address.

    WHOIS GETWELLRX.COM

    Registrant:
    Charles Lopez
    10625 SW 129 Court
    Miami, Florida 33186
    United States

    Registered through: GoDaddy.com, Inc. (Complete Web Solutions: domains, hosting, site builders and SSL.)
    Domain Name: GETWELLRX.COM
    Created on: 12-Jun-06
    Expires on: 12-Jun-08
    Last Updated on: 29-Oct-07

    Administrative Contact:
    Lopez, Charles charles_lopez@bellsouth.net
    10625 SW 129 Court
    Miami, Florida 33186
    United States
    (305) 386-4883

    Technical Contact:
    Lopez, Charles charles_lopez@bellsouth.net
    10625 SW 129 Court
    Miami, Florida 33186
    United States
    (305) 386-4883

    Domain servers in listed order:
    NS17.DOMAINCONTROL.COM
    NS18.DOMAINCONTROL.COM

    Scientology Statistics Database - Search Results

    Don't know what you mean by "up-to-date host check" -- but if you mean looking up one of the web site's DNS names and it coming back with a Prolexic IP... yeah, it does. That's because nobody's ever bothered to clean up the DNS records for these domains at domaincontrol.com (where the AUTHORATATIVE DNS records live). I'm not contesting that looking up these FQDN's returns a Prolexic IP. I totally agree that they do.

    Now, show me a drug web site alive at any of those IPs.
  20. DeathHamster Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    This!

    It just looks like stale domains with other people's name servers pointing to the IP addresses where the sites used to be a couple years ago.

    The owners of the IP addresses (Prolexic) have no control over who points their DNS at them. For a few years, 2600 had a domain like "fuckorganizedreligion.org" pointed at one of CoS's IP addresses.

    tl;dr: CoS moved into where the crackhouse used to be, and they still get mail for the pushers. (The neighbors say the place has gone downhill since CoS moved in.)
  21. Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    I need to see if you can do the following:

    pull up if getwellrx.com shared the same ip as volunteerministers.org or scientologyhandbook.org WHILE GETWELLRX.COM WAS LIVE.

    With that software, can you determine that?

    This is what will get us our win.
  22. Hoo Phar Ted Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    :rofl:
  23. Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    This is some win.
  24. Hostile Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    THIS EFFING THIS!

    that'd be the proverbial nail in the coffin for the site.

    if we did discover that getwellrx was scientology run, without any refutable stuff, we'd be able to open up a large gate for lawsuits and footbullets and mass media galore!
  25. anophalus Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    had to break this one into two pieces...


    In case anyone is curious of how the path continues
    [IMG]
    [IMG]
  26. XenuLovesU Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    ARGH! Would people PLEASE (pretty please) quit using web-based lookup tools that are not authoratative and use crappy cached data?

    Here is a full DNS trace, from a TLD server on down, showing which servers are the authoratative DNS servers in this case:

    dig +trace getwellrx.com ns

    ; <<>> DiG 9.3.4 <<>> +trace getwellrx.com ns
    ;; global options: printcmd
    . 357501 IN NS J.ROOT-SERVERS.NET.
    . 357501 IN NS K.ROOT-SERVERS.NET.
    . 357501 IN NS L.ROOT-SERVERS.NET.
    . 357501 IN NS M.ROOT-SERVERS.NET.
    . 357501 IN NS A.ROOT-SERVERS.NET.
    . 357501 IN NS B.ROOT-SERVERS.NET.
    . 357501 IN NS C.ROOT-SERVERS.NET.
    . 357501 IN NS D.ROOT-SERVERS.NET.
    . 357501 IN NS E.ROOT-SERVERS.NET.
    . 357501 IN NS F.ROOT-SERVERS.NET.
    . 357501 IN NS G.ROOT-SERVERS.NET.
    . 357501 IN NS H.ROOT-SERVERS.NET.
    . 357501 IN NS I.ROOT-SERVERS.NET.


    com. 172800 IN NS M.GTLD-SERVERS.NET.
    com. 172800 IN NS A.GTLD-SERVERS.NET.
    com. 172800 IN NS B.GTLD-SERVERS.NET.
    com. 172800 IN NS C.GTLD-SERVERS.NET.
    com. 172800 IN NS D.GTLD-SERVERS.NET.
    com. 172800 IN NS E.GTLD-SERVERS.NET.
    com. 172800 IN NS F.GTLD-SERVERS.NET.
    com. 172800 IN NS G.GTLD-SERVERS.NET.
    com. 172800 IN NS H.GTLD-SERVERS.NET.
    com. 172800 IN NS I.GTLD-SERVERS.NET.
    com. 172800 IN NS J.GTLD-SERVERS.NET.
    com. 172800 IN NS K.GTLD-SERVERS.NET.
    com. 172800 IN NS L.GTLD-SERVERS.NET.
    ;; Received 503 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 166 ms

    getwellrx.com. 172800 IN NS ns17.domaincontrol.com.
    getwellrx.com. 172800 IN NS ns18.domaincontrol.com.



    Don't know any way to show that any more conclusively. There's the trace of my lookups starting at the very, very top at a TLD server.
  27. Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    the real question isn't where it points to now. The real question is, when it was operational, did any other scientology sites run off the same ip.

    This would be the nail in the coffin either way.
  28. DeathHamster Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    The CoS sites were previously in IP ranges owned by Cthurch of Scientology Int. I have no information on getwellrx.com's IP at the time, but I doubt it was sharing a CoS server in the HGB basement in LA. I see no win.

    Best I can offer right now is a Church of Scientology mission on a Narconon site:
    Church of Scientology Mission of Los Feliz
  29. Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    GetWellRX.com was operation in June of 2006.

    So, I found two sites that had the same IP address: 72.52.6.28

    Did volunteerministers.org or scientologyhandbook.org resolve to 72.52.6.28 in June of 2006?

    Can we find out that much?
  30. blizter Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    Please, stop the witch hunting. This is making you look bad. I remember I saw anony-MATE on the irc 2-3 months ago.
  31. lulznw Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    This is just a chance? Maybe... but worth investigating still like I said.

    Numberonemeds.com = Same IP as Freedmonmag.org
    Numberonemeds.com = Wise.org SSL Certificate
    Numberonemeds.com = Moved to same host as TomCruise.com (GoDaddy) and is currently on the shared hosting while using the private Scientology IP and SSL Certificate.
    Host : Resin/3.0.21

    GetWellRX.com = Same IP as Scientology.com
    GetWellRX.com = secure.scientology.net SSL certificate
    GetWellRX.com = Moved to the same host as TomCruise.com (GoDaddy) and is currently on the shared hosting while using the private Scientology IP and SSL certificate.
  32. Anon123456 Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    after reviewing the thread, it seems like old DNS data. beyond the actual lookups that pretty much prove that, it seems to me the biggest opponent of drug use would not want to have anything to do with an online pharmacy. in my opinion there is no connection besides old data that has not been cleaned up. im sure it happens quite often.

    has anyone spoken to prolexic or are we still in speculation mode? a 1 min call to them could solve this whole mystery.
  33. Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    Hey, the certificate can be copied by a clever hacker, and anyone can point a domain they bought to someone else's site.

    We're looking for more than conjecture.
  34. XenuLovesU Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    I give up.

    Official Tom Cruise Website: Tom Cruise Movies, Biography, News, Pictures, Video, Photos, and Actor Filmography is on two servers at:

    Those IPs have NOTHING TO DO WITH PROLEXIC, SCIENTOLOGY, MED SITES, WHATEVER. They don't share the same IP address... FFS, they're not even on the same netblock. They don't share an SSL certificate either.

    NetRange: 72.246.0.0 - 72.247.255.255
    CIDR: 72.246.0.0/15
    NetName: AKAMAI-ARIN-1
    NetHandle: NET-72-246-0-0-1
    Parent: NET-72-0-0-0-0
    NetType: Direct Allocation
    NameServer: ACCESS.AKAMAI.COM
    NameServer: YA.AKAMAI.COM
    Comment:
    RegDate: 2005-03-14
    Updated: 2007-03-14

    Please, for the love of Xenu, unless you know what you're talking about... [deep breath] stop. You're putting up all kinds of WRONG information and stating it as fact.
  35. apownymous Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    Edit: Disregard that, I suck cocks!
  36. lulznw Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    XenuLovesU,

    I said he uses the same host, and specifically wrote GoDaddy.com, as their current host and both use the Domains by Proxy server to hide their identity.

    And I only mention the TomCruise because someone asked if theirs any link at all to current hosts and thats a current link even if not much it is some link... That's why I posted it.

    Whois Record for TomCruise.com

    Registrant:
    Domains by Proxy, Inc.
    DomainsByProxy.com
    15111 N. Hayden Rd., Ste 160, PMB 353
    Scottsdale, Arizona 85260
    United States

    Domain Name: TOMCRUISE.COM
    Created on: 06-Nov-96
    Expires on: 04-Nov-16
    Last Updated on: 28-Apr-08

    Administrative Contact:
    Private, Registration
    Domains by Proxy, Inc.
    DomainsByProxy.com
    15111 N. Hayden Rd., Ste 160, PMB 353
    Scottsdale, Arizona 85260
    United States
    (480) 624-2599 Fax -- (480) 624-2599

    Technical Contact:
    Private, Registration
    Domains by Proxy, Inc.
    DomainsByProxy.com
    15111 N. Hayden Rd., Ste 160, PMB 353
    Scottsdale, Arizona 85260
    United States
    (480) 624-2599 Fax -- (480) 624-2599

    Domain servers in listed order:
    NS51.DOMAINCONTROL.COM
    NS52.DOMAINCONTROL.COM

    Whois Record for NumberOneMeds.com

    Registrant:
    Domains by Proxy, Inc.
    DomainsByProxy.com
    15111 N. Hayden Rd., Ste 160, PMB 353
    Scottsdale, Arizona 85260
    United States

    Domain Name: NUMBERONEMEDS.COM
    Created on: 07-Aug-06
    Expires on: 07-Aug-09
    Last Updated on: 31-Oct-07

    Administrative Contact:
    Private, Registration
    Domains by Proxy, Inc.
    DomainsByProxy.com
    15111 N. Hayden Rd., Ste 160, PMB 353
    Scottsdale, Arizona 85260
    United States
    (480) 624-2599 Fax -- (480) 624-2599

    Technical Contact:
    Private, Registration
    Domains by Proxy, Inc.
    DomainsByProxy.com
    15111 N. Hayden Rd., Ste 160, PMB 353
    Scottsdale, Arizona 85260
    United States
    (480) 624-2599 Fax -- (480) 624-2599

    Domain servers in listed order:
    NS29.DOMAINCONTROL.COM
    NS30.DOMAINCONTROL.COM
  37. anon345 Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    Any chance of a threadlock?

    Failing that, can a mod at least put some info in the OP.

    K, thanks.
  38. Vir Member

    16ap4x5.jpg
    For lulznow's sake I say throw this whole thread into the trash. (NOT THUNDERDOME.*) If he cares about his identity and seniority so much, then maybe just the wins should remain and this fail should be sent into the anals (sic) of history.

    I want to post goatse in this thread without being getting infractions for it.

    False positives turn up in research, it's no big deal if you prepare for it.

    When I read the OP it had all this &quot;here are all the information I've found before, so trust me on this ball of badly researched stuff and cry wolf to the media and law enforcement&quot;. In fact, for a minute I thought the OP looked like a dead agent bait. Law enforcement has just as little need for mistaken reports as the media does, so anyone who sent something needs to apologize. And then maybe never contact anyone under that identity again.

    It WOULD be interesting if the CoS were sending vitamins instead of the real prescription drugs to people, except as I said earlier this looks like stale DNS. Go ahead and do the host file thing, or even better register an anon domain and point it to the IP (but don't break anybody's Terms of Service in doing so please).

    And I too work with computer and network configuration.

    Most likely that's not what's happening. SSL only likes to have one domain per IP, so most likely what you're seeing is that the request comes in, the SSL certificate communication takes place, and only THEN does it ask for which domain name you're looking for. That's why if you enter https: instead of http: in front of any domain name which is on that IP, the one scientology is renting - then SSL will tell you you're using Scientology's secured server certificate no matter which one of the domains on that IP you're using.

    (One physical server can have many IPs, and one IP may have many domain names. I know this because I've set this kind of thing up myself. At least 20 unique IPs, each with their own SSL certificates on the same desktop PC.)

    *: If somebody sent media to this thread, they deserve an apology for wasting their time.
  39. Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    I just want this answered before threadlock.
  40. XenuLovesU Member

    Re: Illegal Drug Selling Site GetWellRX - Possible ties to Scientology

    I'm going to go out on a limb here and guess you don't know the difference between a WHOIS record, an ARIN netblock, a forward DNS zone, and an in-addr.arpa zone and how all these things work together?

    That's not a smart-assed remark either. I'm saying that you're going off on some wild tangents that just are not supported by these records... and it's confusing the living daylights out of people. You're saying things that don't make sense -- and that are really clearly contradicted by looking the information up, using the right tools, in the right places.

    I'm riding you and this thread pretty hard because I don't want to see us get burned by coming to a conclusion (especially one so hugely accusatory) without clear data to support it.

    Honestly, I'd be tickled pink if you find proof that the CoS had some connection to peddling drugs on the internet. It would blow them out of the water.

    I'll back out of this thread now, 'cause I'm repeating myself. Please, everyone, if you move forward with this one, take it slowly and don't level any accusations until you've got something really solid.
Thread Status:
Not open for further replies.

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins