information VPN.com LLC has filed a multimillion lawsuit

[Lox]

VPN.com LLC has filed a multimillion lawsuit against long time domain investor George Dikian (California), Qiang Du (Hong Kong) and John Doe at the US District Court (California).

The lawsuit involves a $250,000 payment in Bitcoin and $6.625 million in owed commissions on multiple transactions involving 96 premium 2N.com and 3N.com domains.

read more

 

[jberryhill]

While this alleged scam seems to have involved a fake buyer + fake seller + fake escrow = (to) scam the broker, I couldn't even imagine what this shit show would look like if Du is/was a real buyer that lost $2mil+ to intermediar, and what type of scrambling a broker would be doing if they contributed to their client losing $2mil to a fake escrow website.

You left out the punchline, Chris. The entire transaction was an imaginary structure to get the broker into a classic 419 advance fee scam, but the broker is also suing to recover his commission on the deal!

To make this a little simpler - imagine that you answer one of those emails where a Nigerian widow has $20 million dollars in a box being held in a security company in Spain. If you sign up as her US agent, then she will give you $5 million dollars. All you have to do to receive the box is to pay the $500 release fee to the security company from a US bank account.

You pay the $500, and nothing happens, so you realize you were scammed.

Then, you go and file a lawsuit against a Nigerian widow for $5,000,500, to recover your advance fee along with your share of the non-existent $20 million.

It reminds me of the end of the film Idiocracy where Fredo admits he knew the time machine wouldn't really work, but he wanted all that money...

 

[jberryhill]

I mentioned previously that we had only heard one side of the story.

An answer has been filed. The way that legal pleading works - just nailing down the basic factual outlines of what the plaintiff alleges, and what the defendant disputes, is fairly simple. It is not a process of argument, so much as simply identifying, in the complaint, where the defendant agrees, disagrees, or has insufficient information to respond (or where the complaint alleges a legal proposition instead of a factual one, in which case no response is required).

This answer, however, takes an interesting tack toward sketching out the arguments to come.

https://storage.courtlistener.com/recap/gov.uscourts.cacd.855964/gov.uscourts.cacd.855964.33.0.pdf

"On information and belief, based upon the
admissions in Plaintiff’s Complaint, it is Plaintiff that attempted to commit one
completely fraudulent domain name transaction. Apparently blinded yet guided
by nothing but greed, Plaintiff alleges that it was defrauded of some $250,000
worth of bitcoin (as of May 4, 2022 – worth about half that amount now), in the
process of perpetrating its own fraud, by which Plaintiff hoped to extract a
$2,150,000 so-called “commission” as an undisclosed dual agent for both parties
to the fictional transaction.

...

Dikian admits that Dikian is the professional alias identity of a well
known domain name investor and reseller. Dikian lacks knowledge or
information sufficient to form a belief as to the truth or falsity of the remaining
allegations of this Paragraph, and therefore denies the remaining allegations of
this Paragraph. On information and belief, based upon reasonable investigation,
the purported “escrow service” Intermediar.com was an obvious fraud that could
never be trusted in any transaction. For example, the purported escrow service
website contained a purported blog, with text that was simply copied and pasted
from other industry websites, such as Namecheap and Dan.com. More
significantly, in the website’s purported “Terms of Service”, no person or legal
entity was identified, the address was stated as a 14-story office building, and
there was no such registered company in the Netherlands as “Intermediar.com”
identified in the terms of service on the site (which also consisted of copied text
from a site called Paylax). These two facts make it immediately obvious that the
Intermediar.com website consisted mostly of text copied from other sites, and
failed to identify any existing person or legal entity of any kind which might be
held accountable. Yet, on information and belief based upon the allegations in
the Complaint, Plaintiff sought to conduct a transaction worth more than $6
million through this obviously fake “escrow service.” On information and belief
based upon experience in the domain name industry, such “fake escrow scams”
have been perpetrated and revealed publicly many times in the industry over
many years. Any purportedly professional domain name broker, as Plaintiff
purports to be, would never utilize such a “new” and obviously fraudulent
“escrow service” for any significant transaction.

...

On information and belief, based on long
experience in the domain name industry, it is unconscionable for any domain
name broker to charge a nearly 100% commission (based on the sales price) in
any transaction. Typical domain name brokerage commissions for multi-million
dollar transactions are in the range of 5% to 15%. Dual agency transactions such
as that described by Plaintiff are highly discouraged, if not illegal. Dikian states
that he has never and would never agree to any transaction proposed by a dual
agent disclosing a nearly 100% commission on the sales price.

...

Dikian denies that he has ever owned any bitcoin, transacted in
bitcoin, or operated any bitcoin wallet.

...


Dikian admits that on May 11, 2022, Dikian notified Plaintiff by
email from the email address [email protected], that the purported 89.com
transaction was not initiated nor agreed by Dikian, and that Dikian did not
receive any bitcoin from Plaintiff.

...

Dikian alleges that each and every cause of action stated in Plaintiff’s
Complaint is not brought in good faith, but for an improper purpose, and is
brought without reasonable cause, and is frivolous in nature, thereby subjecting
Plaintiff and/or Plaintiff’s counsel to the imposition of sanctions pursuant to
Rule 11 of the Federal Rules and/or the Court’s inherent powers."

---------

So, it would appear that we have a very sharply-defined contrast between the allegations of the Plaintiff and the contentions thus far of the Defendant.

The answer and the complaint merely mark the beginning of a lawsuit. The Plaintiff has made its claim and the Defendant has admitted or denied the various factual bases of the complaint.

No doubt the contentions of the parties are going to be resolved on facts yet to be known.

But how if it will be proofed that the emails are spoofed, and they realize that they had sued the wrong person?

Quite often, when someone is highly invested in a particular interpretation of their perception of the facts, it can be extremely difficult for that person to move from their interpretation even when strong evidence points to an error in either their perception of the facts or their interpretation of them. If you read comprehensive analysis reports of things like airplane disasters or industrial accidents (the Three Mile Island nuclear plant is a great study), you will often find someone who has made up their mind about the situation and continues to act on that conclusion even when they should have noticed their initial conclusion was incorrect.

The more interesting question is what sort of evidence is going to be available. I can think of quite a few things that should be subpoenaed from third parties. Obviously, the email providers, domain registrars, hosting service for intermediar, and so on, if the relevant logs still exist, will provide important information about access times and IP addresses. Of course, the users of the accounts may have used VPN's which, in itself, would be interesting in this particular context. But having seen hacked accounts from a service provider perspective, it is typical that the authorized user can be distinguished from the unauthorized one, merely by the patterns and methods of access (IP address, times of day, frequency, type of activity, metadata such as browser/device/software information, and so on).

Another interesting approach, if there is not a lot of technical data, is to look at Dikian himself. Obviously, VPN has email records with times and dates on them. Just as obviously, Dikian will possibly have records which make it unlikely for him to have been sending emails at those dates and times, unless you want to buy the proposition that Dikian was pretending to impersonate himself, or some crackers hypothesis like that. Additionally, here we also have written material from the alleged impersonator. There are methods by which, if provided with a collection of emails written by the actual George Dikian, the denied correspondence can be statistically and linguistically analyzed to determine the likelihood of authorship by Dikian. Even without Dikian, the emails can be analyzed for things like probable native language of the author (if not English), among other textual indicators of identity.

Finally, it is worth noting that "George Dikian" is apparently a business or professional name of the person in question. We live in a world where if you ask someone who is Issur Danielovitch Demsky or Marion Robert Morrison, you get a lot of shrugs.

Maybe someone else can tell us about Issur Danielovitch Demsky, Marion Robert Morrison, or a big favorite who might be more recognizable to a younger crowd, such as William Jefferson Blythe III.

But the versions of reality are quite distinct. Either Mr. Gargiulo is mistaken or Mr. Dikian is a thief.

Which reality do you believe to be more likely, and why?

 

[GeorgeK]

Today, a "Joint Rule 26(f) Report" was filed in the case:

https://freespeech.com/2023/01/27/vpn-com-v-george-dikian-court-case-update-of-january-27-2023/

which is an excellent introduction to the dispute for those not following it from the beginning, as it summarizes the case from the point of view of each side.

 

[jberryhill]

A minor skirmish has erupted in Florida over a subpoena served on Bodis. A motion to quash the subpoena was filed in the US District Court for the Middle District of Florida, along with a motion to transfer it back to California.

https://storage.courtlistener.com/recap/gov.uscourts.cacd.888469/gov.uscourts.cacd.888469.1.0.pdf

The transfer motion was granted and the motion to quash remains to be decided:

https://storage.courtlistener.com/recap/gov.uscourts.cacd.888469/gov.uscourts.cacd.888469.8.0.pdf

 

[DomainNameWire]

You were correct. The court filing revealed that the person is "Eitan Z"

That's a very stand-up response. Thanks for leading by example.

...

I'm too tired to go in detail with an attempt to connect circumstantial Dikian dots, but for anybody that's been following along, there may be some interesting bread crumbs in Yahoo! Inc. and GeoCities v. Eitan Zviely a/k/a comyahoo.com, et al.

https://www.adrforum.com/domaindecisions/162060.htm


https://www.cnet.com/tech/services-and-software/microsoft-sues-over-misleading-domains/


https://cent.ischool.syr.edu/wp-content/uploads/2014/05/markle-report-final.pdf
Show attachment 228659

...

Show attachment 228660

 

[jberryhill]

Catching up on recent events, in case anyone is still interested in this case....

VPN has filed a motion to file an amended complaint, naming "Eitan Z." as the defendant. A copy of that motion is here:

https://storage.courtlistener.com/recap/gov.uscourts.cacd.855964/gov.uscourts.cacd.855964.61.1.pdf

A redline of the original and newly-amended complaint is here:


https://storage.courtlistener.com/recap/gov.uscourts.cacd.855964/gov.uscourts.cacd.855964.60.3.pdf

Significantly, VPN is no longer looking for a "broker commission":

But has decided to engage in some mudslinging:

Of course, the Defendant is not the only party in this action to have been previously party to a cybersquatting proceeding. So, if the idea is to attack the Defendant's credibility or reputation on that basis, it might not be the best route, given some other public records...

https://storage.courtlistener.com/recap/gov.uscourts.nysd.428233.26.0.pdf

In any event, pending the operation of the legal principle of "Qui Comaroundus, Goaroundum", the Defendant has filed a paper stating that he does not object to the amended complaint.

The next step will be for the Defendant to file an answer to the complaint.

One curious aspect of the case, at least to me, was the omission of counterclaims by the Defendant, in view of public statements made by the Plaintiff making various accusations against him. While those sorts of statements are protected in legal proceedings, filing a paper in court and making statements out of court are two different things. It seems the Defendant, seeking to maintain his privacy, chose not to allege the obvious counterclaims. Now that the feline is out of the sack, the next steps would be for the court to approve filing the amended Complaint and then for the Defendant to answer and potentially counterclaim.

 

[jberryhill]

And, as happens to most civil lawsuits:

 

[jberryhill]

 

[Chris Hydrick]

But how if it will be proofed that the emails are spoofed, and they realize that they had sued the wrong person? It will be a double loose for their reputation...

Based on the information provided, it appears the emails weren't spoofed; it appears to be emails sent from the legit domain owners WHOIS listed yahoo email, but it hasn't been definitively proven if the email address was compromised or not. The CQD.com case referenced in my last post wasn't from spoofed emails, but rather from an alleged hacker allegedly compromising the yahoo email address belonging to the CQD.com domain owner. That cqd hacker left filters to send all emails mentioning "cqd.com" and other filters, attempting to ensure any cqd.com correspondence went directly to trash, so not to trigger the email/domain owner of the compromise.

 

[Chris Hydrick]

In light of this intermediar stuff, and considering epik/masterbucks issue VPN.com might want to consider updating their Vpn.com/Escrow review page.

 

[Future Sensors]

I have asked x person to make in-person visit and there is no record of renting the office (po box) in Beethovenstraat building.

Ty @Lox!

On May 1st 2022, I've also removed the entry for that company from Google Maps (accepted).

 

[jberryhill]

So if it's determined emails weren't spoofed, and emails were sent to/from [email protected] without the real Mr. Dikians knowledge, it seems for Mr. Gargiulo to be mistaken, then Mr Dikians accounts or emails would have to had been accessed by somebody (likely a bitcoin thief?) without the real Mr. Dikians authorization?

Yes. That's a common pattern. You get into the email account, don't change anything, and simply use automated notifications to conduct correspondence with others while deleting the received and sent comms from the account as you go. It takes a real level of dedication, and perhaps more than one person at the switch, but it is something that happens.

 

[AEProgram]

I still can't find any historical hits for [email protected]. Wondering if it's a long time use email, or if it was just a throwaway gmail address?

if an email is not in the haveibeenpawned db it probably hasn't been used much. Use that site to search those email and also note when you see a . in a gmail address, try searching it without the . too. Gmail lets you add . as much as you want.

 

[jberryhill]

Fun times....

"RPI" - Real Party in Interest

https://storage.courtlistener.com/recap/gov.uscourts.cacd.855964/gov.uscourts.cacd.855964.50.0.pdf

 

[jberryhill]

What could plaintiff gain from having defendant's name made public, if they apparently already know who this very private elderly man is?

Settlement leverage. Basically, finding out how much it is worth to the defendant not to be identified.

The positions are pretty clear:

Dikian - Someone hi-jacked my email and ripped you off. I don't owe you anything, and I'm a victim of the hacker too.

VPN - At the very least, I was harmed by your lack of security precautions around your email. You should have known and warned me sooner.

Dikian's identity is a tangential issue. It is worth litigating merely because it may be worth something to Dikian to remain private.

I'm new here but How Often do Lawsuits like this happen?
What I mean is, How often do Companies sue Domainers? Is it a rare thing or is it something common?

I'm not sure what you mean by lawsuits "like this". This is a domainer-on-domainer lawsuit.

As far as "how often," I wouldn't know how to quantify that. It's not as if anyone ever calls me up to say, "Everything's going fine and I don't need legal help."

Do businesses of all kinds sue others and get sued? Sure, every day.

 

[jberryhill]

This was probably explained before, but when you use a pseudonym on whois, isn't that wrong information?

People use professional names, unregistered business names, nicknames, etc., all of the time.

In any event... the court has denied the motion to proceed under the claimed business name, but will limit defendant's identification to his first name and last initial:

https://storage.courtlistener.com/recap/gov.uscourts.cacd.855964/gov.uscourts.cacd.855964.59.0.pdf

The Court will, however, allow Mr. Dikian to proceed under his true first name and
last initial at this time. Accordingly, Plaintiff may file an Amended Complaint
naming Defendant only by his first name and last initial. If, though, this case
proceeds to trial, Mr. Dikian will likely need to proceed under his real (and full)
name.


The last time I did that, someone wrote a song about me.

 

[jberryhill]

Things have taken a dramatic turn, in a new filing requesting to modify deadlines in the proceeding....

https://storage.courtlistener.com/recap/gov.uscourts.cacd.855964/gov.uscourts.cacd.855964.64.2.pdf

some more detail on that...

 

[Business Brands]

No drama please

 

[jberryhill]

New filing:

https://storage.courtlistener.com/recap/gov.uscourts.cacd.855964/gov.uscourts.cacd.855964.30.0.pdf

VPN had been working on its default judgment motion when counsel for the Defendant George Dikian (“Defendant Dikian”) reached out to VPN’s counsel to discuss the case, the possibility of expedited discovery, as well as other case management issues. At Defendant Dikian’s request, VPN agreed to temporarily delay the filing of its default judgment motion while discussions took place. Due to disagreements over certain conditions sought by Defendant Dikian, relating to the exchange of expedited discovery and alleged privacy concerns related to Defendant Dikian making an appearance in the case, those discussions ended up taking longer than anticipated. The parties had been working on a timeline of next steps when Your Honor issued the OSC. Due to the OSC, VPN requested Defendant Dikian formally appear in the case, and VPN also agreed to set aside the entry of default against Defendant Dikian and allow until December 9, 2022, for Defendant Dikian to respond to the Complaint.


So it sounds as if they are working to manage the next procedural steps.

 

[Chris Hydrick]

Was it ever determined if/how @VPN.com had verified they were approached by the real Qiang Du?

Per the OnlineDomain.com article

It all started on March 8, 2022, when VPN was approached by Du, who, upon information and belief, owns the entity called ZTE Holdings (中興新) (“ZTE”). Du stated that ZTE was interested in purchasing the domain name <89.com> (“89.com”) and sought VPN’s help in identifying the owner and facilitating the transaction (the “Intermediar Transaction”).

I don't know much about Qiang Du or ZTE Holdings, but I noticed DomainNameWire.com had published a 2017 article where Qiang Du filed a lawsuit against John Doe for the alleged theft of BSH.com, which he claimed to have paid $100k for in 2016. (I don't know the outcode to that suit)

The VPN lawsuit lists Du's email address as <rhwdomains(@)gmail.com> but I can't seem to find any online record of that email address, besides that email being listed in VPNs lawsuit.

This is where it gets sketchy... alleged Du (the buyer) agrees to the acquisition price of $4.4mil. alleged Dikian (the seller) agrees to accept 2mil from alleged Du through intermediar, and VPN (the broker) agrees to accept $2.15mil in broker commission and VPN agreed to directly send alleged Dikian $250k in bitcoin after intermediar released VPNs broker commission.

After several rounds of negotiation with Du, Du agreed on an acquisition price of $4,400,000 to be paid by Du. VPN’s net proceeds for brokering the deal would be $2,150,000.

After further back and forth with Dikian on this issue, Dikian agreed to accept $2,000,000 in USD from Du through Intermediar and $250,000 in a direct Bitcoin payment from VPN, which VPN would send after its Broker commission payout was released by Intermediar.

On April 23, 2022, Intermediar confirmed that Du had partially funded the transaction by depositing $2,200,000 into Intermediar. This confirmation was false.

Come May, it appears at some point, VPN did send the alleged Dikian BTC, but given VPN was demanding intermediar release VPN's commission funds, it seems VPN may have sent the alleged Dikian BTC prior to receiving their broker commission.

On or around May 13, 2022, and continuing thereafter, VPN made several inquiries to Intermediar regarding the status of the Intermediar Transaction, informing them that Dikian had received and withdrew the Bitcoin sent to him, and demanding that Intermediar release VPN’s commission funds.

I'm not sure how much VPN was expected to receive from Intermediar, but this seems like an evolved hybrid of the appraisal scam, targetting brokers. As it seems there may have been 3 imposters (1) fake escrow intermediar (2) fake Diakan (3) fake Du...

Fake Diakan insists on fake Intermediar > Fake Du blindly agrees to pay 2.2m to fake intermediar > VPN seemingly believes this is all above on board, and maybe by lure of an additional sale, VPN sends $250k in BTC without yet receiving their VPN commission, thus taking a $250k bitcoin loss?

While this alleged scam seems to have involved a fake buyer + fake seller + fake escrow = (to) scam the broker, I couldn't even imagine what this shit show would look like if Du is/was a real buyer that lost $2mil+ to intermediar, and what type of scrambling a broker would be doing if they contributed to their client losing $2mil to a fake escrow website.

 

[Chris Hydrick]

@DomainNameWire recently published an article on George Dikians response::

https://domainnamewire.com/2022/12/10/george-dikian-responds-to-vpn-com-lawsuit/

---

[In other news] it looks like Intermediar is back online, appearing as Inter-Mediar.com registered on August 1st, 2022 at NameCheap.

**Inter-Mediar.com is using a hubspot chat plugin.

 

[Chris Hydrick]

https://www.blockchain.com/btc/address/bc1qymcdwgqde47qxd8s7tk0jyufpgejrgtg4gw5qr

This address has transacted 9 times on the Bitcoin blockchain. It has received a total of 28.38953714 BTC ($502,803.12) and has sent a total of 28.38953714 BTC ($502,803.12). The current value of this address is 0.00000000 BTC ($0.00).

I'm not sure how accurate that 28 BTC input/output # actually is. ((but I'm a blockchain novice, so this summary is my best assumption))

When looking at the blockchain.com transaction log, I see:

The first transaction looks like it was the .0001BTC that VPN sent as a test transaction with hash ID <935dc7ef6f55ee0cd4a1159ef367324824ef1ccf239019154672e1630 cdaa81b>

Blockchain.com seems to list 6.91589205 BTC as outPut but the wallet in question looks to only have received the .0001BTC input.

((ie. the BTC output may equal 28 BTC, but it doesn't look like the wallet actually received that amoiunt))

When I first took a stab at looking at the chain history, I used: https://www.blockonomics.co/#/search?q=bc1qymcdwgqde47qxd8s7tk0jyufpgejrgtg4gw5qr

It looks like:

4 May 2022 @1205: received: +0.0001 BTC
4 May 2022 @1246: received: +6.27 BTC
11 May 2022 @2128: sent -0.50002679 BTC
11 May 2022 @2138: sent -0.50002679 BTC
11 May 2022 @2233: sent -1.00002679 BTC
11 May 2022 @2255: sent -1.00002679 BTC
12 May 2022 @0011: sent -1.00002736 BTC
12 May 2022 @0057: sent -1.00002592 BTC
12 May 2022 @2143: sent -1.26993956 BTC





**(time stamps from blockchain.com | hyperlinks to blockonomics.co)

*** Notably, the transaction times on Blockchain.com and Blockonomics.co are a few minutes apart, so take the transaction times with a grain of salt
...

11 May 2022 @2128: sent -0.50002679 BTC >> looks to have been sent to wallet address: bc1qfu465pdlg5yfkdmq5nvkmehngzpxvgraam2x4j



bc1qfu465pdlg5yfkdmq5nvkmehngzpxvgraam2x4j (address history)



Looks to have been emptied to wallet address: 14FoANzjfuzx5kjcE2t9RHu5GyF21EDgwF
...

11 May 2022 @2138: sent -0.50002679 BTC >> looks to have been sent to wallet address: bc1qky0tpy908awklx78yczq3krg5f284ze3g6qarc

bc1qky0tpy908awklx78yczq3krg5f284ze3g6qarc (address history)



Looks to have been emptied to wallet address: bc1qrgdndftdm03kkdzs3crm85ter8prdcv5qgg5nn
...

11 May 2022 @2233: sent -1.00002679 BTC >> looks to have been sent to wallet address: bc1qz326c2yjfhmn2hh8vdpa5h5fe09gwu5v53atrg

bc1qz326c2yjfhmn2hh8vdpa5h5fe09gwu5v53atrg (address history)


Looks to have been emptied to wallet address: bc1qrgdndftdm03kkdzs3crm85ter8prdcv5qgg5nn or maybe 16hiTVsDsGJun1ZiufqPyVw9fbaWbeykQW

...

11 May 2022 @2255: sent -1.00002679 BTC >> looks to have been sent to wallet address: bc1qs5q5qeclklgn8j2lqkncjztp34tzjnxafyh8lj

bc1qs5q5qeclklgn8j2lqkncjztp34tzjnxafyh8lj (address history)



Looks to have been emptied to wallet address: bc1qrgdndftdm03kkdzs3crm85ter8prdcv5qgg5nn or 16hiTVsDsGJun1ZiufqPyVw9fbaWbeykQW
...

12 May 2022 @0011: sent -1.00002736 BTC >> looks to have been sent to wallet address: 19apZEZjdXQpVH9GJnwCJiaccXXgfLXvrc

19apZEZjdXQpVH9GJnwCJiaccXXgfLXvrc (address history)



Looks to have been emptied to wallet address: 1GrwDkr33gT6LuumniYjKEGjTLhsL5kmqC
...

12 May 2022 @0057: sent -1.00002592 BTC >> looks to have been sent to wallet address: 19apZEZjdXQpVH9GJnwCJiaccXXgfLXvrc (same address as above)

19apZEZjdXQpVH9GJnwCJiaccXXgfLXvrc (address history)


...

12 May 2022 @2143: sent -1.26993956 BTC >> looks to have been sent to wallet address: 127ygKZgJXDDk7g3mcUuEyrqRQ2MzXfF4Y

127ygKZgJXDDk7g3mcUuEyrqRQ2MzXfF4Y (address history)


Looks to have been emptied to wallet address: 1GrwDkr33gT6LuumniYjKEGjTLhsL5kmqC

---

Needless to say, all addresses that received BTC directly from the BTC address that VPN sent 6.2701 BTC to appears to have been emptied.

However, you can see the destination wallet address that these were emptied to. I didn't post some active wallets I found earlier because I don't know how to confirm or make sense of these transactions when these coins enter wallets with lots of activity.

For instance, take a closer look at the final transaction, <12 May 2022 @2143: sent -1.26993956 BTC>

The transaction input was:
bc1qymcdwgqde47qxd8s7tk0jyufpgejrgtg4gw5qr << that's the address alleged Dikian provided VPN>
1.26983956 BTC
bc1qymcdwgqde47qxd8s7tk0jyufpgejrgtg4gw5qr << that's the address alleged Dikian provided VPN>
0.0001 BTC

The transaction output was:
127ygKZgJXDDk7g3mcUuEyrqRQ2MzXfF4Y <<that's the gaining address>
1.26989974 BTC

The gaining wallet address <127ygKZgJXDDk7g3mcUuEyrqRQ2MzXfF4Y> then sent its remaining 1.269.. BTC to address <1GrwDkr33gT6LuumniYjKEGjTLhsL5kmqC>

The BTC Wallet Address <1GrwDkr33gT6LuumniYjKEGjTLhsL5kmqC> appears to have a BTC balance of 2659 BTC (= current value of apprx $47million)

In summary (for instance), VPN sent 6.27 BTC to alleged Dikian wallet > the alleged Dikian wallet sent the remaining apprx 1.269 BTC to wallet ending in XfF4y > the wallet ending in XfF4y looks to have been emptied to wallet ending in 5kmqC > wallet ending in 5kmqC appears to have a current balance 2659 BTC, albeit with lots of incoming/outgoing transaction history..

I have no idea how to identify the wallet <1GrwDkr33gT6LuumniYjKEGjTLhsL5kmqC> which has a $47mllion BTC balance... is it an exchange? a mixer? or...?

 

[DNabc]

This was probably explained before, but when you use a pseudonym on whois, isn't that wrong information?
"If you give wrong information on purpose, or don't update your information promptly if there is a change, your domain name registration may be suspended or even cancelled"
https://www.icann.org/resources/pages/whois-data-accuracy-2017-06-20-en

For years, before GDPR, I had my real name and phone number there, getting so many scam attempts and spam... that sim card / phone had to be silent 99% of the time.

 

[Shimmy]

Well now it makes sense why he was using fake whois info, that dude did some serious cybersquatting...

PARTIES
Complainant is Yahoo!, Inc. and GeoCities, Inc., Sunnyvale, CA (“Complainant”) represented by David M. Kelly of Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P. Respondent is Eitan Zviely a/k/a comyahoo.com, et al., Memphis, TN (“Respondent”).

REGISTRAR AND DISPUTED DOMAIN NAMES
Forty-six domain names are at issue, including: <comyahoo.com>, <hyahoo.com>, <yahoochinese.com>, <yahooh.com>, <yahoopager.com>, <yaooh.com>, <dyahoo.com>, <fyahoo.com>, <sahoo.com>, <yahaoo.com>, <yahooa.com>, <ysahoo.com>, <eliyahoo.com>, <gbchineseyahoo.com>, <gbyahoo.com>, <geocitties.com>, <geocitys.com>, <httpyahoo.com>, <lyahoo.com>, <searchyahoo.com>, <syahoo.com>, <yahooespanol.com>, <tyahoo.com>, <yaaoo.com>, <yahooc.com>, <yahooindex.com>, <yahoomaps.com>, <yahoosex.com>, <yahoou.com>, <yaohoo.com>, <yayhoo.com>, <yayoo.com>, <yoahoo.com>, <ytahoo.com>, <geociities.com>, <geocitiies.com>, <geocitoes.com>, <geocoties.com>, <geoities.com>, <yahgoo.com>, <yahoom.com>, <yahoow.com>, <yahopo.com>, <yaqhoo.com>, <yhooligans.com>, and <yahool.com>, registered with Tucows, Inc.

 

[tonyk2000]

I'm not sure anyone at Namepros is terribly interested in following this lawsuit any further, since the gritty reality of litigation is not "as seen on TV". Developments are slow, and often tedious. So, do let me know whether I should continue to post updates on it.

John, please continue posting all the findings and your comments! This info is important. For example, now we know how VPN .com played/plays with their commission %%%...