information VPN.com LLC has filed a multimillion lawsuit

[Lox]

VPN.com LLC has filed a multimillion lawsuit against long time domain investor George Dikian (California), Qiang Du (Hong Kong) and John Doe at the US District Court (California).

The lawsuit involves a $250,000 payment in Bitcoin and $6.625 million in owed commissions on multiple transactions involving 96 premium 2N.com and 3N.com domains.

read more

 

[jberryhill]

New filing:

https://storage.courtlistener.com/recap/gov.uscourts.cacd.855964/gov.uscourts.cacd.855964.30.0.pdf

VPN had been working on its default judgment motion when counsel for the Defendant George Dikian (“Defendant Dikian”) reached out to VPN’s counsel to discuss the case, the possibility of expedited discovery, as well as other case management issues. At Defendant Dikian’s request, VPN agreed to temporarily delay the filing of its default judgment motion while discussions took place. Due to disagreements over certain conditions sought by Defendant Dikian, relating to the exchange of expedited discovery and alleged privacy concerns related to Defendant Dikian making an appearance in the case, those discussions ended up taking longer than anticipated. The parties had been working on a timeline of next steps when Your Honor issued the OSC. Due to the OSC, VPN requested Defendant Dikian formally appear in the case, and VPN also agreed to set aside the entry of default against Defendant Dikian and allow until December 9, 2022, for Defendant Dikian to respond to the Complaint.


So it sounds as if they are working to manage the next procedural steps.

 

[Grilled]

Was it ever determined if/how @VPN.com had verified they were approached by the real Qiang Du?

Per the OnlineDomain.com article

It all started on March 8, 2022, when VPN was approached by Du, who, upon information and belief, owns the entity called ZTE Holdings (中興新) (“ZTE”). Du stated that ZTE was interested in purchasing the domain name <89.com> (“89.com”) and sought VPN’s help in identifying the owner and facilitating the transaction (the “Intermediar Transaction”).

I don't know much about Qiang Du or ZTE Holdings, but I noticed DomainNameWire.com had published a 2017 article where Qiang Du filed a lawsuit against John Doe for the alleged theft of BSH.com, which he claimed to have paid $100k for in 2016. (I don't know the outcode to that suit)

The VPN lawsuit lists Du's email address as <rhwdomains(@)gmail.com> but I can't seem to find any online record of that email address, besides that email being listed in VPNs lawsuit.

This is where it gets sketchy... alleged Du (the buyer) agrees to the acquisition price of $4.4mil. alleged Dikian (the seller) agrees to accept 2mil from alleged Du through intermediar, and VPN (the broker) agrees to accept $2.15mil in broker commission and VPN agreed to directly send alleged Dikian $250k in bitcoin after intermediar released VPNs broker commission.

After several rounds of negotiation with Du, Du agreed on an acquisition price of $4,400,000 to be paid by Du. VPN’s net proceeds for brokering the deal would be $2,150,000.

After further back and forth with Dikian on this issue, Dikian agreed to accept $2,000,000 in USD from Du through Intermediar and $250,000 in a direct Bitcoin payment from VPN, which VPN would send after its Broker commission payout was released by Intermediar.

On April 23, 2022, Intermediar confirmed that Du had partially funded the transaction by depositing $2,200,000 into Intermediar. This confirmation was false.

Come May, it appears at some point, VPN did send the alleged Dikian BTC, but given VPN was demanding intermediar release VPN's commission funds, it seems VPN may have sent the alleged Dikian BTC prior to receiving their broker commission.

On or around May 13, 2022, and continuing thereafter, VPN made several inquiries to Intermediar regarding the status of the Intermediar Transaction, informing them that Dikian had received and withdrew the Bitcoin sent to him, and demanding that Intermediar release VPN’s commission funds.

I'm not sure how much VPN was expected to receive from Intermediar, but this seems like an evolved hybrid of the appraisal scam, targetting brokers. As it seems there may have been 3 imposters (1) fake escrow intermediar (2) fake Diakan (3) fake Du...

Fake Diakan insists on fake Intermediar > Fake Du blindly agrees to pay 2.2m to fake intermediar > VPN seemingly believes this is all above on board, and maybe by lure of an additional sale, VPN sends $250k in BTC without yet receiving their VPN commission, thus taking a $250k bitcoin loss?

While this alleged scam seems to have involved a fake buyer + fake seller + fake escrow = (to) scam the broker, I couldn't even imagine what this shit show would look like if Du is/was a real buyer that lost $2mil+ to intermediar, and what type of scrambling a broker would be doing if they contributed to their client losing $2mil to a fake escrow website.

 

[jberryhill]

While this alleged scam seems to have involved a fake buyer + fake seller + fake escrow = (to) scam the broker, I couldn't even imagine what this shit show would look like if Du is/was a real buyer that lost $2mil+ to intermediar, and what type of scrambling a broker would be doing if they contributed to their client losing $2mil to a fake escrow website.

You left out the punchline, Chris. The entire transaction was an imaginary structure to get the broker into a classic 419 advance fee scam, but the broker is also suing to recover his commission on the deal!

To make this a little simpler - imagine that you answer one of those emails where a Nigerian widow has $20 million dollars in a box being held in a security company in Spain. If you sign up as her US agent, then she will give you $5 million dollars. All you have to do to receive the box is to pay the $500 release fee to the security company from a US bank account.

You pay the $500, and nothing happens, so you realize you were scammed.

Then, you go and file a lawsuit against a Nigerian widow for $5,000,500, to recover your advance fee along with your share of the non-existent $20 million.

It reminds me of the end of the film Idiocracy where Fredo admits he knew the time machine wouldn't really work, but he wanted all that money...

 

[Grilled]

It reminds me of the end of the film Idiocracy where Fredo admits he knew the time machine wouldn't really work, but he wanted all that money...

You mean the Time Masheen

....

 

[Grilled]

In light of this intermediar stuff, and considering epik/masterbucks issue VPN.com might want to consider updating their Vpn.com/Escrow review page.

 

[jberryhill]

I mentioned previously that we had only heard one side of the story.

An answer has been filed. The way that legal pleading works - just nailing down the basic factual outlines of what the plaintiff alleges, and what the defendant disputes, is fairly simple. It is not a process of argument, so much as simply identifying, in the complaint, where the defendant agrees, disagrees, or has insufficient information to respond (or where the complaint alleges a legal proposition instead of a factual one, in which case no response is required).

This answer, however, takes an interesting tack toward sketching out the arguments to come.

https://storage.courtlistener.com/recap/gov.uscourts.cacd.855964/gov.uscourts.cacd.855964.33.0.pdf

"On information and belief, based upon the
admissions in Plaintiff’s Complaint, it is Plaintiff that attempted to commit one
completely fraudulent domain name transaction. Apparently blinded yet guided
by nothing but greed, Plaintiff alleges that it was defrauded of some $250,000
worth of bitcoin (as of May 4, 2022 – worth about half that amount now), in the
process of perpetrating its own fraud, by which Plaintiff hoped to extract a
$2,150,000 so-called “commission” as an undisclosed dual agent for both parties
to the fictional transaction.

...

Dikian admits that Dikian is the professional alias identity of a well
known domain name investor and reseller. Dikian lacks knowledge or
information sufficient to form a belief as to the truth or falsity of the remaining
allegations of this Paragraph, and therefore denies the remaining allegations of
this Paragraph. On information and belief, based upon reasonable investigation,
the purported “escrow service” Intermediar.com was an obvious fraud that could
never be trusted in any transaction. For example, the purported escrow service
website contained a purported blog, with text that was simply copied and pasted
from other industry websites, such as Namecheap and Dan.com. More
significantly, in the website’s purported “Terms of Service”, no person or legal
entity was identified, the address was stated as a 14-story office building, and
there was no such registered company in the Netherlands as “Intermediar.com”
identified in the terms of service on the site (which also consisted of copied text
from a site called Paylax). These two facts make it immediately obvious that the
Intermediar.com website consisted mostly of text copied from other sites, and
failed to identify any existing person or legal entity of any kind which might be
held accountable. Yet, on information and belief based upon the allegations in
the Complaint, Plaintiff sought to conduct a transaction worth more than $6
million through this obviously fake “escrow service.” On information and belief
based upon experience in the domain name industry, such “fake escrow scams”
have been perpetrated and revealed publicly many times in the industry over
many years. Any purportedly professional domain name broker, as Plaintiff
purports to be, would never utilize such a “new” and obviously fraudulent
“escrow service” for any significant transaction.

...

On information and belief, based on long
experience in the domain name industry, it is unconscionable for any domain
name broker to charge a nearly 100% commission (based on the sales price) in
any transaction. Typical domain name brokerage commissions for multi-million
dollar transactions are in the range of 5% to 15%. Dual agency transactions such
as that described by Plaintiff are highly discouraged, if not illegal. Dikian states
that he has never and would never agree to any transaction proposed by a dual
agent disclosing a nearly 100% commission on the sales price.

...

Dikian denies that he has ever owned any bitcoin, transacted in
bitcoin, or operated any bitcoin wallet.

...


Dikian admits that on May 11, 2022, Dikian notified Plaintiff by
email from the email address [email protected], that the purported 89.com
transaction was not initiated nor agreed by Dikian, and that Dikian did not
receive any bitcoin from Plaintiff.

...

Dikian alleges that each and every cause of action stated in Plaintiff’s
Complaint is not brought in good faith, but for an improper purpose, and is
brought without reasonable cause, and is frivolous in nature, thereby subjecting
Plaintiff and/or Plaintiff’s counsel to the imposition of sanctions pursuant to
Rule 11 of the Federal Rules and/or the Court’s inherent powers."

---------

So, it would appear that we have a very sharply-defined contrast between the allegations of the Plaintiff and the contentions thus far of the Defendant.

The answer and the complaint merely mark the beginning of a lawsuit. The Plaintiff has made its claim and the Defendant has admitted or denied the various factual bases of the complaint.

No doubt the contentions of the parties are going to be resolved on facts yet to be known.

But how if it will be proofed that the emails are spoofed, and they realize that they had sued the wrong person?

Quite often, when someone is highly invested in a particular interpretation of their perception of the facts, it can be extremely difficult for that person to move from their interpretation even when strong evidence points to an error in either their perception of the facts or their interpretation of them. If you read comprehensive analysis reports of things like airplane disasters or industrial accidents (the Three Mile Island nuclear plant is a great study), you will often find someone who has made up their mind about the situation and continues to act on that conclusion even when they should have noticed their initial conclusion was incorrect.

The more interesting question is what sort of evidence is going to be available. I can think of quite a few things that should be subpoenaed from third parties. Obviously, the email providers, domain registrars, hosting service for intermediar, and so on, if the relevant logs still exist, will provide important information about access times and IP addresses. Of course, the users of the accounts may have used VPN's which, in itself, would be interesting in this particular context. But having seen hacked accounts from a service provider perspective, it is typical that the authorized user can be distinguished from the unauthorized one, merely by the patterns and methods of access (IP address, times of day, frequency, type of activity, metadata such as browser/device/software information, and so on).

Another interesting approach, if there is not a lot of technical data, is to look at Dikian himself. Obviously, VPN has email records with times and dates on them. Just as obviously, Dikian will possibly have records which make it unlikely for him to have been sending emails at those dates and times, unless you want to buy the proposition that Dikian was pretending to impersonate himself, or some crackers hypothesis like that. Additionally, here we also have written material from the alleged impersonator. There are methods by which, if provided with a collection of emails written by the actual George Dikian, the denied correspondence can be statistically and linguistically analyzed to determine the likelihood of authorship by Dikian. Even without Dikian, the emails can be analyzed for things like probable native language of the author (if not English), among other textual indicators of identity.

Finally, it is worth noting that "George Dikian" is apparently a business or professional name of the person in question. We live in a world where if you ask someone who is Issur Danielovitch Demsky or Marion Robert Morrison, you get a lot of shrugs.

Maybe someone else can tell us about Issur Danielovitch Demsky, Marion Robert Morrison, or a big favorite who might be more recognizable to a younger crowd, such as William Jefferson Blythe III.

But the versions of reality are quite distinct. Either Mr. Gargiulo is mistaken or Mr. Dikian is a thief.

Which reality do you believe to be more likely, and why?

 

[Grilled]

@DomainNameWire recently published an article on George Dikians response::

https://domainnamewire.com/2022/12/10/george-dikian-responds-to-vpn-com-lawsuit/

---

[In other news] it looks like Intermediar is back online, appearing as Inter-Mediar.com registered on August 1st, 2022 at NameCheap.

**Inter-Mediar.com is using a hubspot chat plugin.

 

[jberryhill]

"Back online" or a copied template. But interesting.

 

[jberryhill]

Incidentally, on the Namepros thread about someone presenting as Dikian, I guess those people should be told to preserve all the evidence they have.

 

[silentg]

Reported the new website to NameCheap. Sent link to this thread and domainname wire article and they replied saying they need more proof.

I replied with screenshot of the original website from archive.org yesterday. Let’s wait and see if they will do anything.

 

[jberryhill]

I hope that all the relevant data is captured before it is shut down.

 

[Grilled]

Was it ever determined if/how @VPN.com had verified they were approached by the real Qiang Du?

Per the OnlineDomain.com article

I don't know much about Qiang Du or ZTE Holdings, but I noticed DomainNameWire.com had published a 2017 article where Qiang Du filed a lawsuit against John Doe for the alleged theft of BSH.com, which he claimed to have paid $100k for in 2016. (I don't know the outcode to that suit)

The VPN lawsuit lists Du's email address as <rhwdomains(@)gmail.com> but I can't seem to find any online record of that email address, besides that email being listed in VPNs lawsuit.

Qiang Du is still a mystery to me. I'm not sure how common of a name Qiang Du is, but it looks like the alleged ZTE holdings may have noting to do with the California Qiang Du that sued in 2017 for the theft of BSH.com?

I don't know where I read that RHWDomains(@)gmail.com is Qiang Du's email address; maybe I'm mistaken? The only google result for that email address is from PacerMonitor citing this case.

---

Point 14 of VPN.coms complaint states VPN was approached by Du, and that upon information and belief owns the entity called ZTE Holdings.

14. On March 8, 2022, VPN was approached by Du, who, upon information and belief, owns the entity called ZTE Holdings (中興新) (“ZTE”)

Point 30 of VPN.com's complaint lists a yingxiao @zte.com.cn email address that Qiang Du allegedly used to register his intermediar account. According to google translate, yingxiao = marketing

30. On April 15, 2022, Du confirmed to VPN that Du’s Intermediar account was registered under [email protected]. This statement was false, as Intermediar is a fraudulent escrow service.

So if ZTE Holdings is ZTE.com.cn, what infomration led to VPNs belief that Qiang Du owned the entity called ZTE Holdings??? Was it the yingxiao @zte.com.cn email address?

 

[jberryhill]

Qiang Du is still a mystery to me. I'm not sure how common of a name Qiang Du is, but it looks like the alleged ZTE holdings may have noting to do with the California Qiang Du that sued in 2017 for the theft of BSH.com?

It's a common enough name. Since the odds are low that there was any actual Qiang Du with whom VPN was corresponding, then the question of which Qiang Du was intended to be impersonated is an open question. How many domainers are named "Qiang Du" might be a better question.

We may find out if VPN obtains a default judgment against a nominal "Qiang Du" and then attempts to obtain Du's domains, since obviously there is at least one Qiang Du who will litigate to keep them.

 

[Grilled]

But the versions of reality are quite distinct. Either Mr. Gargiulo is mistaken or Mr. Dikian is a thief.

Which reality do you believe to be more likely, and why?

Does the answer depend on if Mr. Gargiulo was talking to the real Mr. Dikian of [email protected], or as long as the emails did in fact come from [email protected], then there is no way Mr. Gargiulo can be mistaken? Or is it, as mentioned earlier in this thread by @Embrand that vitcims of hacked emails/identity fraud shouldn't be held responsible?

I don't think I read in Mr. Dikians response an admission that any of his email addresses were improperly authorized. Though, Mr. Dikian denied receiving March 8th emails to [email protected] or [email protected]. Mr. Dikian also denied sending a respond from those emails. However, Mr Dikian admitted to notifying the plaintiff by email from [email protected] on May 11th.

So if it's determined emails weren't spoofed, and emails were sent to/from [email protected] without the real Mr. Dikians knowledge, it seems for Mr. Gargiulo to be mistaken, then Mr Dikians accounts or emails would have to had been accessed by somebody (likely a bitcoin thief?) without the real Mr. Dikians authorization?

If Mr Dikian's yahoo account was accessed without his authorization, I assume/hope the real Mr. Dikian already:

-- looked at his yahoo account activity: https://login.yahoo.com/myaccount/activity

-- downloaded his Yahoo history: https://yahoo.mydashboard.oath.com/

-- checked to see if any filters were set/left in his account: https://mail.yahoo.com/d/settings/7

-- checked to see if any email addresses were set/left to block: https://mail.yahoo.com/d/settings/8

---

Further, if Mr. Dikians email or accounts were indeed hacked, what could have led to somebody gaining access to his accounts? Does Mr. Dikian have a history of account hacks leading to stolen domains or anything similar... or why now?

I found five email addresses based on historical WHOIS records that look (assumed, not confirmed) to have some type of connection to a George Dikian. (1) [email protected] (2) [email protected] (3) [email protected] (4) [email protected] (5) [email protected]

Besides some historical WHOIS Dikian connection, what else do these 5 email addresses have in common? All 5 were listed as being pwned in the September 2021 Epik hack which according to HaveIBeenPWNED.com cite the compromised data as: Email addresses, Names, Phone numbers, Physical addresses, Purchases.

As mentioned earlier, Intermediar.com trustPilot account was verified via "Contact details Google My Business account verified and synced" on January 2022.

It appears, if Epik had George Dikians physical address on file, then it may likely have been leaked. Not sure if that, in combination of other data was used to gain unauthorized access to Dikian accounts, but some may find it interesting to note if a epik leaked Dikian address was different than the L.A. address VPN initially listed for Dikian in the California civil summons.

---

namePros member @.X. appeared to report that his data wasn't just stolen from epik, but somebody had used his home address, and committed a crime with it.

...my data wasn’t just stolen from Epik, someone used my home address as their own address , that person committed a crime using my home address, and I got a call from the BIG men.

Now, there's no direct indication that the September 2021 epik hack led to Mr. Dikians account(s) being hacked. Checking email addresses across HaveIBeenPWNED.com is just one initial step to take when begining to question how an account may have been hacked/socialEngineered/accessedWithOut authorization. But, notable in this instance, the 5 email addresses I found that looked like it could have a George Dikian domain connection all appeared to have been pwned in the 2021 epik hack.

---

Lastly, since we are talking about missing bitcoin, there is a ledger of it being moved. I'm not a crypto guy, but some basic internet search seem to reveal wallet movement. IDK how to make much sense of that data, but if nothing else, I feel publishing those wallet addresses to this thread or elsewhere may leave a internet record which somebody by have knowledge of now, or in a cached future. Below is the wallet address provided to VPN by somebody alleging to be George Dikian, in case any crypto sleuths want to try to make sense of what happened to the BTC:::

36. On April 24, 2022, Dikian provided his Bitcoin wallet address to VPN in order for VPN to make the $250,000 payment once Intermediar confirmed completion of the transaction. Dikian provided the following Bitcoin wallet address: bc1qymcdwgqde47qxd8s7tk0jyufpgejrgtg4gw5qr.

51. On the evening of May 4, 2022, after Intermediar’s confirmation of the withdrawal that same morning, and after confirmation of the separate Escrow.com transaction which had verified Dikian’s identity, VPN wired Dikian 6.27 Bitcoin, which was worth $250,000 at the time of sending, from VPN’s Coinbase Pro Account, verified by the transaction hash: bc63bcff3eb86ae1dbfbf035ef51d6594d9d6d3b372d30f1038427e227c920aa.

52. Before sending the full amount, VPN sent a test transfer of .0001 Bitcoin, which Dikian confirmed receipt of via email, and verified by the transaction hash: 935dc7ef6f55ee0cd4a1159ef367324824ef1ccf239019154672e1630 cdaa81b.

 

[Grilled]

We may find out if VPN obtains a default judgment against a nominal "Qiang Du" and then attempts to obtain Du's domains, since obviously there is at least one Qiang Du who will litigate to keep them.

But if Qiang Du is a common name, how can VPN be sure they are going after the correct Qiang Du's domain names?

Would VPN be limited going after domains that are connected to a Qiang Du's email address that VPN communicated with?

The VPN lawsuit lists Qiang Du's email address as: [email protected] (no PWNED found)

But the California Qiang Du (possible domainer?) seems to have historically operated using [email protected] (multiple PWNED found; including 2021 epik hack)

 

[Grilled]

it looks like Intermediar is back online, appearing as Inter-Mediar.com registered on August 1st, 2022 at NameCheap.

Show attachment 228351
**Inter-Mediar.com is using a hubspot chat plugin.

Reported the new website to NameCheap. Sent link to this thread and domainname wire article and they replied saying they need more proof.

I replied with screenshot of the original website from archive.org yesterday. Let’s wait and see if they will do anything.

Looks like it's been taken down.

---

Something of note in the archive.org entires of Intermediar.com, is:

11 February 2022 = review from @garyford

compared to:

10 March 2022 = removed the name Gary Ford and replaced it with Qiang Du

...

The reason I say of note, is if, the data/dates is accurate in archive.org, then why would a Qiang Du of the United States have left a review on or before March 10th if it wasn't until April 23rd that Intermediar would tell VPN that Qiang Du had partially funded the transaction by depositing $2.2mil into intermediar; also, March 8th seems to be the day Qiang Du approached VPN.

Sparking curiousity to ask:

(1) Why does the review say Qiang Du of the United States? considering VPN lawsuit lists Qiang Du Hong Kong

(2) Was that Qiang Du review visible at the time VPN was negotiating with whom they believed to be the real George Dikian? considering this odd, if so, since it was alleged that George Dikian was the one who was insistent on using Intermediar over escrow.com

 

[AEProgram]

Looks like it's been taken down.

Show attachment 228537

---

Something of note in the archive.org entires of Intermediar.com, is:

11 February 2022 = review from @garyford

Show attachment 228538

compared to:

10 March 2022 = removed the name Gary Ford and replaced it with Qiang Du

Show attachment 228539

...

The reason I say of note, is if, the data/dates is accurate in archive.org, then why would a Qiang Du of the United States have left a review on or before March 10th if it wasn't until April 23rd that Intermediar would tell VPN that Qiang Du had partially funded the transaction by depositing $2.2mil into intermediar; also, March 8th seems to be the day Qiang Du approached VPN.

Sparking curiousity to ask:

(1) Why does the review say Qiang Du of the United States? considering VPN lawsuit lists Qiang Du Hong Kong

(2) Was that Qiang Du review visible at the time VPN was negotiating with whom they believed to be the real George Dikian? considering this odd, if so, since it was alleged that George Dikian was the one who was insistent on using Intermediar over escrow.com

see the Gary Ford guy on here, guy was an obvious shill

https://www.namepros.com/threads/do-not-use-intermediar-com-silverbellxchange-com.1272591/

 

[Grilled]

@=ThreadOP= @Lox

I'm not sure if you dove into this yet; if you any or

 

[Embrand]

I think Konstantinos Zournas has quite an interesting comment on his website:

"I am not too familiar with US law but I am pretty sure that in most countries you need to state your real name in a court to file an answer and you can not reply using an alias and sign the response as “Attorneys for Defendant sued as George Dikian”.

So, who is “George Dikian” on the VPN.com lawsuit?

If I was “George Dikian” and wanted to clear my name the first thing I would do is state my real name in the court. I wouldn’t use an alias in the first place but anyway…"

https://onlinedomain.com/2022/12/13/domain-name-news/who-is-george-dikian-on-the-vpn-com-lawsuit/

This case seems to have it all: A fake website, mysterious domain investors, unheard of commissions and some awesome domains...

 

[Lox]

@=ThreadOP= @Lox

I'm not sure if you dove into this yet; if you any or

I have asked x person to make in-person visit and there is no record of renting the office (po box) in Beethovenstraat building. The business/company is not registered in t NL chamber of commerce and has no legitimate physical address nor person name. Other "intermediar" companies registered in NL do not act as a collection agent or do not provide escrow service.

VPN & co just don't want to dig deeper, more like playing in the $and.

(but, I don't need to tell you that you should get paid for DD ... 1000s of dollars.)

Regards