How I Removed My Profile Pic from Sydex.net and Alumnius.net People Search
Using internet backbone records, I traced Sydex and Alumnius to a Dutch web host involved in Russia-USA election interference.
September Update: I’ve been informed that the police visited Sydex’s physical address and there was nobody there.
- Attempt 1 (Failure): King Servers
- Attempt 2 (Failure): Hurricane Electric
- Attempt 3 (Success): Webzilla
- Backup Strat (Search Engine Removal)
- How To Remove Your Profile Pic from Sydex.net and Alumnius.net
- Bonus Tip for MyLife.com
- Ongoing Updates
A couple months ago, I decided it was time to change up the profile pic that I use on GitHub, Twitter and LinkedIn. The old picture was a self-portrait that I hastily took in 2013, and while it served its purpose well, it depicts me much younger than I am now. Plus the composition is a little janky, so it looks kind of derpy.
So I replaced my portrait everywhere on the internet. Since there were many copies out there, I made a game of it. I changed my profile pic on Google, LinkedIn, GitHub, Keybase, Twitter, Crunchbase, Codepen, GitLab, Ko-Fi, everywhere. I deleted accounts. I deleted old Reddit posts. I finally sniped all the indexed copies out there, and asked Google to remove the broken links from its search results.
Sydex.net and Alumnius.net, two “people search” sites running on the same infrastructure, had crawled my headshot from LinkedIn and rehosted it without my permission, and their image was ranking in Google for my name.
The business model of Sydex.net and Alumnius.net is quite simple. They scrape data from public sources such as LinkedIn, and rehost it on their own website. Then they charge you a fee if you want to remove it. Redditor RandomComputerFellow explains it well:
From a legal perspective this service is 100% illegal and they know this. Their business model is to expose people and then charging 20 bucks from them so they delete this information.
The problem is that they are based in Cyprus and there is no way to proceed against them because authorities down there are corrupt as fuck and will not do anything.
If you look at Alumnius.net, you can see what RandomComputerFellow was referring to: a “Rapid Removal” page where they ask for payment in exchange for the removal of your profile.
This is the removal page for sydex.net:
And the removal page for alumnius.net, a bit more explicit about the payment part:
As you can see, they are almost identical.
Motivated by the desire to expose a shady company (and not willing to cough up $20 to opt out even if it were moral), I decided I would (1) learn as much about Sydex/Alumnius as possible, (2) try to remove my profile pic by going through their hosting company, and (3) dox their hosting setup as thoroughly as I can on my personal blog, so that other people who want to remove their own profile pics don’t have to re-do any legwork.
Luckily, there was an angle for me to take. All that Hollywood anti-piracy legislation was actually good for something, it seems. In their frenzy to take down pirated movies on the internet, they left in their wake a legal tool that would come in useful to take down my profile picture: the Digital Millennium Copyright Act, or DMCA.
Attempt 1 (Failure): King Servers
Knowing that the owners of Sydex/Alumnius were not likely to give me their “service” (removal) for free, I figured my first stop for complaint should be with their hosting provider.
Unfortunately, Sydex.net and Alumnius.net are hosted by King Servers B.V., a well-known bulletproof hosting company based in Russia notorious for hosting shady websites, ignoring abuse complaints, and selling anonymous server space to Russian hackers who attempted United States election fraud in Arizona and Illinois. But I didn’t know that at first, so here’s the abuse message I sent them:
On Sun, May 17, 2020 at 10:1 PM, I wrote:
I believe you are hosting content that infringes my copyright. The domain hosting the infringing content is sydex.net, which has IP address 18.104.22.168. Can you confirm whether King Servers controls this IP address?
They responded to tell me that the domain and IP address are not under their control:
Mon, 18 May 2020 07:47:52 +0000
This domain and IP address are not owned by our customers
Vladimir K. from King Servers
But that’s jiggery-pokery.
See, if you do a dig lookup on sydex.net, you get the IP address 22.214.171.124.
And if you do an ARIN whois lookup on that IP address, you can see that that IP address is part of IP block AS14576, owned by Hosting Solution Ltd., with contact information listed as king-servers.com. In other words, in the backbone internet records, King Servers is listed as the abuse contact for this IP address.
I emailed them saying in a polite way that they are listed as the network operator and contact for that IP address, so either the whois information is inaccurate, or the claim that they don’t control it is a load of baloney. It’s been several weeks. I haven’t heard back, and I don’t expect to. They also haven’t “corrected” their whois registry entry, and I don’t expect them to.
Here is the full whois record for AS14576 (containing IP block 126.96.36.199/23), as of this article’s publication, for archival purposes:
OrgName: Hosting Solution Ltd.
Address: Hosting Solution Ltd.
Address: 201 Rogers Office Building
Address: Edwin Wallace Rey Drive
Address: George Hill,
Address: Data Center:
Address: Hosting Solution Ltd.
Address: C/O Hurricane Electric
Address: 48233 Warm Springs Blvd
OrgAbuseName: Abuse Department
OrgTechName: Network Operations Center
OrgNOCName: Network Operations Center
Attempt 2 (Failure): Hurricane Electric
While looking at the whois record above, I noticed that while the IP is assigned to Hosting Solution Ltd, it’s allegedly being served by a Hurricane Electric datacenter in Fremont, CA, USA.
Hurricane Electric is an “Internet Backbone and Colocation Provider”. In other words, they route core internet traffic, and also have a side business of providing on-site server rooms for business customers (e.g. the hosting company/reseller who hosts Sydex/Alumnius). The name Hurricane Electric wasn’t new to me, as a few years back I had considered using their services to host DNS for my personal site that you’re reading right now.
So I sent an email to Hurricane Electric’s abuse address:
Can you confirm that this IP address is hosted at HE datacenters?
The HE ARIN whois record seems to indicate that your datacenters are serving up this IP for your customer “Hosting Solution Ltd.” in connection with “King Servers B.V.”:
This IP is serving up content that violates my copyright under US law, at the domain sydex.net. King Servers B.V. is based in the Netherlands/Russia, and when I messaged them about copyright abuse, they denied that the IP address or domain are connected to them.
From what I’ve read, King Servers B.V. is seen as a “bulletproof” host in the piracy industry due to their policy of ignoring abuse emails, so I am hoping that I can work with you in taking down this copyrighted content instead, since it seems to be hosted at your datacenter in Fremont.
In that respect, this customer also seems to be violating your Acceptable Use Policy:
If you can confirm that you host this IP address, I will be able to send a proper DMCA notice to make the takedown request official.
It’s been several weeks since I sent that message. Because Hurricane Electric is an internet backbone company, I have every reason to believe that they are the “good guys” and want to keep scummy websites out of their datacenter, or at least respond to copyright complaints. Indeed, their acceptable use policy says that their customers must not “do anything illegal or anything that adversely affects Hurricane’s legal interests”. Perhaps they haven’t gotten to my abuse email yet, or it flew under their radar - or the whois record was inaccurate, they don’t actually host that IP, and so didn’t bother responding.
In the meantime, I found a last angle of attack.
Attempt 3 (Success): Webzilla
While scouring the source code of sydex.net to figure out how it was hosted, something finally jumped out at me that I missed the first time.
When you inspect a profile image on sydex.net, you can see that it’s generally of the form http://photo.sydex.net/000000000.jpg, where the zeroes are a string of numbers that serve as an id number for the image.
In other words, the images are loaded from photo.sydex.net, a different domain than
I clicked through on one of the images directly, and sure enough it redirected me to a cdn12.com subdomain - a separate hosting provider solely for Sydex’s images. I ran another dig lookup, this time on photo.sydex.net, which confirmed that cdn12.com is indeed the next “layer of the onion” behind it.
So I started doing research on cdn12.com. There is no website at the apex domain (in other words, http://www.cdn12.com do not yield any website in a web browser). The only real information I could find out there on the internet was a listing from a data aggregator called Apollo.io.
According to Apollo.io:
CDN12 is an international service provider focusing on delivering the best possible CDN to its customers, while keeping its prices fair. Rock-solid reliability together with 24/7 tech support ensure impeccable results and establish CDN12 as a worldwide leader in the industry.
So in other words, a load of marketing speak that doesn’t mean anything and doesn’t convey any useful information.
Here’s a screenshot of the listing for archival purposes:
Who was this mysterious CDN12, and why were they providing services to sydex.net and alumnius.net?
If only there were a way to find out who is hosting cdn12.com. Hey, let’s do another ARIN whois lookup.
10727-6.b.cdn12.com and got IP addresses
And we get another whois entry:
OrgName: WZ Communications Inc.
Address: 110 E.Broward blvd
Address: Suite 1700
City: Fort Lauderdale
OrgAbuseName: WZCOMM Abuse
OrgTechName: WZCOMM NOC
So, the subdomain of cdn12.com that is serving images for sydex.net is hosted by WZ Communications Inc. in Fort Lauderdale, FL, and they list an abuse contact of
Before I sent an email there, I visited webazilla.com myself to get a sense for the sort of hosting company I was dealing with. It redirected me to webzilla.com, without the first “a”. Thinking that their whois data might have been outdated and pointing to an email address at their old domain, I decided to look up their abuse email myself to verify the whois entry.
One Google search of “webzilla dmca” later, I found a document stating that they comply with the DMCA (pdf), and giving instructions for how to file a notice. Bingo.
So I sent them a proper DMCA takedown notice.
Do note that when you send a DMCA takedown request, you are signing under penalty of perjury that you are the copyright owner or acting at the copyright owner’s request. I’m not a lawyer but I’m pretty sure this is serious stuff, so if you are not sure if you own the copyright to your photo like I did, do your own research.
Here’s the DMCA takedown notice I sent to Webzilla at
Subject: DMCA Takedown Request - Notice of Infringement
To Whom It May Concern,
The following information serves to assert my rights and request removal of allegedly infringing web content under the Digital Millennium Copyright Act (DMCA). The following is a report, in good faith, of alleged copyright infringement. I am contacting you as the designated agent for the site upon which the infringing work currently appears. This letter is a Notice of Infringement as authorized in §512(c) of the U.S. Copyright Law.
I am the copyright owner of the works and the following is true and accurate.
A copy of my original copyrighted work is attached to assist you in your evaluation and determination. The following is a short description of the work:
This work is a self-portrait that I took using my own camera. I own the copyright to it. It depicts me, a young adult male, wearing a black shirt in front of a cloudy gray background.
The allegedly infringing image appears at the following location(s) online:
…in connection with the following web pages:
My contact information, as copyright holder, is as follows:
<street name redacted>
<city, state and zip code redacted>
The information of the alleged copyright infringers are:
Owner of Sydex.net
Owner of CDN12
I have a good faith belief the use of the above referenced copyrighted work(s) that appear on the website for which you are the designated DMCA agent is not authorized by the copyright owner, its agent, or by law.
I declare, under penalty of perjury, this notice is true and correct and that I am the copyright owner entitled to exclusive rights which I allege are being infringed.
Signed this <redacted> day of May, 2020 in Santa Cruz, CA, United States of America.
Be aware that the hosting provider will forward your details to the scammers to serve the notice, so be sure to use a burner phone number and an address other than your residential address that you can receive mail at.
Two days later, I received a brief email from Webzilla stating that the allegedly infringing content has been removed. Maybe if everyone sends in DMCA takedowns for their profile pics, Webzilla will eventually kick these extortionists off of their CDN.
Hopefully the article you’re reading should rank for search engine queries such as “sydex.net removal”, “remove profile from alumnius.net” and the like. If people searching for these sites find this blog article with the image removal shortcut, that is as close to vigilante justice as I’m going to see as a law-abiding citizen.
Backup Strat (Search Engine Removal)
I was lucky that Sydex/Alumnius’s hosting provider, Webzilla, is based in the US and therefore could be served a DMCA notice. If these images were hosted in a country without strong copyright laws, my image could have been much more difficult to take down.
The backup strategy would have been to serve the DMCA request directly to Google and Bing. That way, the image at least wouldn’t show up in search results anymore, though it would stay up on the original website. Another added effect is that if a domain receives enough DMCA complaints, Google will start demoting it in search results.
Do note that if you serve a DMCA request to Google, they will publish a somewhat redacted version of it in their transparency report, as well as forward it to LumenDB to become public record. So don’t do anything stupid, like try to claim copyright on an image that you don’t actually own copyright on, because that stupidity will be enshrined on the internet permanently.
It’s also worth noting that if your DMCA request is accepted, Google will show the following at the bottom of the search results page, where the searcher can click through to LumenDB and get a copy of the taken-down URL anyways:
In response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 1 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at LumenDatabase.org.
Lumen does gate their notices such that you have to enter your email to see the URLs, but that’s not much of a roadblock for someone who really wants to find them.
How To Remove Your Profile Pic from Sydex.net and Alumnius.net
Whew, that was a lot. Did you only come here to learn how to take down your own photo, and you could care less about my whole story around it? Sorry about all that.
Without further ado, here’s a step-by-step for how to remove your profile pic from alumnius.net, or really any web host that responds to DMCA requests:
Step 1: Find your profile pic URL
Find your profile on alumnius.net, or whatever shady foreign “people search” site that wants you to pay to remove your profile. Right click your picture and click “view image”. At Sydex, for example, you should get an image url that’s in a similar format to this:
Step 2: Find the IP address(es) hosting that URL
Take the domain portion of the URL only (for example just XXXXX-X.X.cdn12.com) and do an “A” dig lookup on it. It should give you one or several IP addresses under the ;ANSWER section next to where it says “IN A”, in my case these were
It can also be useful to pay attention to the “IN CNAME” section, if there is one. “IN CNAME” means “the domain you typed in is fronting this other domain behind it”, so you can use it to find intermediary companies, in my case CDN12.
Step 3: Find the hosting company behind the IP address(es)
Take these IP address(es) you found, and look them up using the search bar in the HE BGP toolkit. Then click on the Whois tab to get abuse contact information tied to the IP address. You may also find additional information by clicking through to the Origin AS page on the IP Info tab, then clicking the Whois tab there to get the abuse contact tied to the entire AS block.
Step 4: Sanity-check the abuse contact address
Do some light Google searching. At the time of writing, the abuse email for the IP address of photo.sydex.net was listed both as email@example.com. I went to webzilla.com and discovered that there was a legitimate company named “Webzilla” selling hosting services there. Then I googled “webzilla dmca” and found their DMCA policy and instructions to send a request.
Step 5: Send a DMCA takedown request
Send a DMCA request per the hosting company’s instructions, or if they don’t provide any specific instructions, send it to their abuse email. You can model your DMCA notice after the one I sent. Only send a DMCA request if you are sure you own the copyright to the image of you. Make sure to use a valid burner phone number and valid mailing address separate from your residential address, as this info will be forwarded to the website owner / scammer.
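Steps 2 through 4 as a small script, added here as an example and not part of the original post: it pulls the CNAME intermediary and hosting IPs out of `dig` output, reads the abuse contact from ARIN-style whois text, and flags an abuse mailbox whose domain differs from the provider site you verified by hand. Every hostname, IP address and contact in it is a constructed placeholder, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Every hostname, IP address and
# contact below is a constructed placeholder; live usage is shown in comments.

# Constructed stand-in for: dig A photo.people-search.example
SAMPLE_DIG=';; QUESTION SECTION:
;photo.people-search.example.   IN  A

;; ANSWER SECTION:
photo.people-search.example. 300 IN CNAME 00000-0.b.cdn.example.
00000-0.b.cdn.example.  60  IN  A  192.0.2.10
00000-0.b.cdn.example.  60  IN  A  192.0.2.11

;; Query time: 20 msec'

# Constructed stand-in for: whois 192.0.2.10
SAMPLE_WHOIS='NetRange:       192.0.2.0 - 192.0.2.255
OriginAS:       AS64500
OrgName:        Example Hosting Inc.
OrgAbuseName:   Abuse Department
OrgAbuseEmail:  abuse@hosting-old-name.example
OrgTechName:    Network Operations Center'

# Step 2: print "TYPE VALUE" for each CNAME/A/AAAA record in the ANSWER section.
dig_answers() {
  awk '
    /^;; ANSWER SECTION:/ { in_answer = 1; next }
    /^;;/ || /^$/         { in_answer = 0 }
    in_answer && $3 == "IN" && ($4 == "A" || $4 == "AAAA" || $4 == "CNAME") {
      sub(/\.$/, "", $5)   # drop the trailing root dot on CNAME targets
      print $4, $5
    }'
}
hosting_ips() { dig_answers | awk '$1 != "CNAME" { print $2 }'; }
fronted_by()  { dig_answers | awk '$1 == "CNAME" { print $2 }'; }

# Step 3: pull one field out of ARIN-style whois text.
whois_field() {  # usage: whois 192.0.2.10 | whois_field OrgAbuseEmail
  awk -v key="$1" 'index($0, key ":") == 1 { sub(/^[^:]*:[ \t]*/, ""); print }'
}

# Step 4: is the abuse mailbox on the domain where you found the provider
# and its DMCA policy? A mismatch suggests a stale whois entry, so confirm
# the address by hand before sending anything.
abuse_matches_site() { [ "${1##*@}" = "$2" ]; }

# Summary. Live usage: trace "$(dig A HOST)" "$(whois IP)" provider-site.example
trace() {
  echo "intermediary (CNAME): $(printf '%s\n' "$1" | fronted_by)"
  echo "hosting IPs: $(printf '%s\n' "$1" | hosting_ips | tr '\n' ' ')"
  echo "network owner: $(printf '%s\n' "$2" | whois_field OrgName)"
  abuse=$(printf '%s\n' "$2" | whois_field OrgAbuseEmail)
  if abuse_matches_site "$abuse" "$3"; then
    echo "abuse contact: $abuse"
  else
    echo "abuse contact: $abuse (domain differs from $3, verify first)"
  fi
}

trace "$SAMPLE_DIG" "$SAMPLE_WHOIS" hosting.example
```

The constructed whois sample deliberately lists an abuse mailbox on a different domain than the provider's current site, the same situation as the webazilla.com entry described earlier.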
I did it. I won. I think.
Different people will take different things away from this article, all of which have some speck of truth to them:
Max is a dumb-dumb for wasting so much time on this. (My defense is that during quarantine this has been decent entertainment. It created some content for my blog while offering recourse to other people who don’t want their photos up either, and the publication of this post on the internet served some very small amount of justice to these extortionists.)
Max is a dumb-dumb for wanting this old image of himself off the internet so badly. (My defense, again, is that I don’t have much else better to do, or better entertainment.)
Max is abusing the DMCA to remove an image of himself not really on the grounds of copyright, but because he just doesn’t like it being up. (I technically own the copyright to the photo, so legally speaking I can do whatever I please with it. And morally speaking, I’m on high ground against a company who deals in extortion.)
They say that the shorter the chain, the more fiercely the dog guards its territory. Staying at home in quarantine on my computer 24/7, I can only feel protective of my small corner of the internet.
Are you having any trouble removing your own profile from people search sites? Any success stories? I’d love to hear all of it in the comments!
P.S. Sydex/Alumnius: If you are reading this, do be aware that if you contact me, I plan to publish it here publicly.
Bonus Tip for MyLife.com!
Since you made it so far, here’s a bonus tip for removing your profile from MyLife.com, another shady data broker website. Apparently they were not smart enough to incorporate outside the USA, so they have been sued multiple times. So as soon as you lightly infer the possibility of legal action, all of a sudden it’s possible for them to remove your profile for you!
I found a website called Scamion that lists a physical address for Sydex.net along with some consumer complaints:
77 Spyrou Kyprianou Avenue
It’s worth noting that a commenter on Reddit also mentioned that Sydex is based in Cyprus.
Furthermore, a Google Search of that address reveals a third data broker site called “European Graduates” also claiming to be owned by Alumnius Corp! It’s hosted at
https://graduates.name/ and lists the same physical address in its footer:
77 Spyrou Kyprianou Avenue
6052 Larnaca, Cyprus
An anonymous user tipped me off in the comments that Sydex/Alumnius also runs a fourth data broker site called US Staff, hosted at https://bearsofficialsstore.com. I can confirm this with reasonably high confidence, because they list the same data as Sydex/Alumnius, link to the exact same URLs for the pictures on their CDN, and use the same registrar for their domain.
Another user tipped me off that the website Ufind.name and the Android app People Finder are also affiliated with Sydex and Alumnius:
Saturday, August 15, 2020
From: xxx xxx <firstname.lastname@example.org>
Subject: Some more Sydex information. Say hello to Cyril
This is the name and email of one of the men in connection with sydex.net & alumnius.net. Кирилл Симогин his email is email@example.com This was the owner of the PayPal account that was used to collect ransoms for “QUICK MANUAL REMOVAL”.
Also connected to the following projects.
Some more interesting information comes up while researching this email address.
I have also attached a screen capture of the profile picture of the PayPal account. I hope this is interesting. It cost me $20 to get this info. lol
I asked the person who sent me this if they would mind if I credit them by name, and I haven’t yet received a response. But in any case, thank you for this additional info!
Also, in light of another person who came forward in the comments section here trying to get their photo removed, today I confirmed (via DNS lookup) that the scammer has recently hopped CDNs to ahacdn.me, a CDN that as far as I can tell is run by AdvancedHosting, located in the Netherlands. I can only hope that they hopped CDNs because their previous CDN account with Webzilla was terminated. AdvancedHosting has an abuse contact email on their contact page, so I’ve just emailed them to confirm that they are the owners of
I received a reply to my email to AdvancedHosting. My email told them that they have a scammer using their CDN, and that I was tracking them and had published the details in the article you are reading now. This is what AdvancedHosting wrote back to me:
In reference to your enquiry below we want to make sure you are aware that we are the hosting company of this domain, not the owner and we don’t have access to the customer’s servers.
This doesn’t make sense. The definition of being a hosting company is that you own and provide the customer’s servers, and therefore have access to them. Maybe something was lost in translation.
They also wrote:
So we can’t alter the content in any way, but we have forwarded your complaint to the owner of the domain.
So they forwarded my info to these scammers. *facepalm*. I just sent them a reply email:
You’re joking. You just forwarded my complaint email to someone who I just told you is an extortionist?
Tell me you’re joking.
So, thanks AdvancedHosting for forwarding my detailed complaint email straight to the scammers. If they don’t already know about this article and about me following their breadcrumbs on the internet, they do now.
Another reply from AdvancedHosting came in last week:
According to your request we have contacted our customer and infringing content has been successfully removed and replied:
Hello. The user did not like that we were caching user avatars on our server. We remove user avatars upon request. Also all information about Maximillian Laumeister was removed from our sites. Thank you.
I wrote a reply today:
They do not remove user avatars upon request, they normally charge $20 to do so (extortion). They only removed my profile for free after I reported them to their previous CDN provider, causing them to switch CDNs to yours. It’s apparent that you did not read the article I wrote or the complaints on Reddit that I sent you, as they detail how this company’s scam works.
My article where I publish this email chain and explain how AdvancedHosting is complicit is currently the #1 Google result for “sydex removal” and “alumnius removal”.
Expect more abuse complaints to roll in.
I received another anonymous tip yesterday via email, saying that the police visited Sydex’s address and found nobody there:
Thursday, September 3, 2020
From: xxx xxx <firstname.lastname@example.org>
Subject: Some more Sydex information
Thanks for your work on the Sydex stuff. Your DMCA approach worked great but I still can’t get them to remove my full profile yet. Anyway, a couple months ago on a whim I kicked this over to GDPR authorities in Cyprus and they actually visited the address (see attached screenshot). Bogus, but it appears they have now removed this address from sydex.net. Anyway, thought you might get a kick out of that.
I did get a kick out of that. Thanks Anon.