Maximillian Laumeister

How I Removed My Profile Pic from Sydex.net and Alumnius.net People Search

Using internet backbone records, I traced Sydex and Alumnius to a Dutch web host involved in Russia-USA election interference.

Sydex.net Screenshot

Author Note: This article is about removing your face from the internet. To physically detach your face from your head, see my other article How I Removed My Own Face From My Head.

Section Navigation


Introduction

A couple months ago, I decided it was time to change up the profile pic that I use on GitHub, Twitter and LinkedIn. The old picture was a self-portrait that I hastily took in 2013, and while it served its purpose well, it depicts me much younger than I am now. Plus the composition is a little janky, so it looks kind of derpy.

So I replaced my portrait everywhere on the internet. Since there were many copies out there, I made a game of it. I changed my profile pic on Google, LinkedIn, GitHub, Keybase, Twitter, Crunchbase, Codepen, GitLab, Ko-Fi, everywhere. I deleted accounts. I deleted old Reddit posts. I finally sniped all the indexed copies out there, and asked google to remove the broken links from its search results.

Sydex.net Example Profile
Example Sydex.net profile, using a randomly generated person.

Except one.

Sydex.net and Alumnius.net, two “people search” sites running on the same infrastructure, had crawled my headshot from LinkedIn and rehosted it without my permission, and their image was ranking in Google for my name.

The business model of Sydex.net and Alumnius.net is quite simple. They scrape data from public sources such as LinkedIn, and rehost it on their own website. Then they charge you a fee if you want to remove it. Redditor RandomComputerFellow explains it well:

From a legal perspective this service is 100% illegal and they know this. Their business model is to expose people and then charging 20 bucks from them so they delete this information.

The problem is that they are based in Cyprus and there is no way to proceed against them because authorities down there are corrupt as fuck and will not do anything.

If you look at Alumnius.net, you can see what RandomComputerFellow was referring to: a “Rapid Removal” page where they ask for payment in exchange for the removal of your profile.

This is the removal page for sydex.net:

Sydex.net Rapid Removal

And the removal page for alumnius.net, a bit more explicit about the payment part:

Alumnius.net Rapid Removal

As you can see, they are almost identical.

Motivated by the desire to expose a shady company (and not willing to cough up $20 even if it were moral), I decided I would (1) learn as much about Sydex/Alumnius as possible, (2) try to remove my profile pic by going through their hosting company, and (3) dox their hosting setup as thoroughly as I can on my personal blog, so that other people who want to remove their own profile pics don’t have to re-do any legwork.

Luckily, there was an angle for me to take. All that Hollywood anti-piracy legislation was actually good for something, it seems. In their frenzy to take down pirated movies on the internet, they left in their wake a legal tool that would come in useful to take down my profile picture, the Digital Millenium Copyright Act, or DMCA.

Attempt 1 (Failure): King Servers

Knowing that the owners of Sydex/Alumnius were not likely to give me their “service” (removal) for free, I figured my first stop for complaint should be with their hosting provider.

Unfortunately, Sydex.net and Alumnius.net are hosted by King Servers B.V., a well-known bulletproof hosting company based in Russia notorious for hosting shady websites, ignoring abuse complaints, and selling anonymous server space to Russian hackers who attempted United States election fraud in Arizona and Illinois. But I didn’t know that at first, so here’s the abuse message I sent them:

On Sun, May 17, 2020 at 10:1 PM, I wrote:

I believe you are hosting content that infringes my copyright. The domain hosting the infringing content is sydex.net, which has IP address 204.155.30.162. Can you confirm whether King Servers controls this IP address?

They responded to tell me that the domain and IP address are not under their control:

Mon, 18 May 2020 07:47:52 +0000

Hello,

This domain and IP address are not owned by our customers

Vladimir K. from King Servers

But that’s jiggery-pokery.

See, if you do a dig lookup on sydex.net, you get the IP address 204.155.30.162.

And if you do an ARIN whois lookup on that IP address, you can see that that IP address is part of IP block AS14576, owned by Hosting Solution Ltd., with contact information listed as king-servers.com. In other words, in the backbone internet records, King Servers is listed as the abuse contact for this IP address.

I emailed them saying in a polite way that they are listed as the network operator and contact for that IP address, so either the whois information is inaccurate, or the claim that they don’t control it is a load of baloney. It’s been several weeks. I haven’t heard back, and I don’t expect to. They also haven’t “corrected” their whois registry entry, and I don’t expect them to.

Here is the full whois record for AS14576 (containing IP block 204.155.30.0/23), as of this article’s publication, for archival purposes:

ASNumber: 14576
ASName: HOSTING-SOLUTIONS
ASHandle: AS14576
RegDate: 2013-10-17
Updated: 2013-10-17
Ref: https://rdap.arin.net/registry/autnum/14576

OrgName: Hosting Solution Ltd.
OrgId: HSL-50
Address: Office:
Address: Hosting Solution Ltd.
Address: 201 Rogers Office Building
Address: Edwin Wallace Rey Drive
Address: George Hill,
Address: Anguilla
Address:
Address: Data Center:
Address: Hosting Solution Ltd.
Address: C/O Hurricane Electric
Address: 48233 Warm Springs Blvd
City: Fremont
StateProv: CA
PostalCode: 94539
Country: US
RegDate: 2013-05-31
Updated: 2017-01-28
Comment: http://king-servers.com/
Ref: https://rdap.arin.net/registry/entity/HSL-50

OrgAbuseHandle: ABUSE4868-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-408-622-0063
OrgAbuseEmail: abuse@king-servers.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE4868-ARIN

OrgTechHandle: NOC32063-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-408-622-0063
OrgTechEmail: noc@king-servers.com
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32063-ARIN

OrgNOCHandle: NOC32063-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-408-622-0063
OrgNOCEmail: noc@king-servers.com
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32063-ARIN

Attempt 2 (Failure): Hurricane Electric

While looking at the whois record above, I noticed that while the IP is assigned to Hosting Solution Ltd, it’s allegedly being served by a Hurricane Electric datacenter in Fremont, CA, USA.

Hurricane Electric is an “Internet Backbone and Colocation Provider”. In other words, they route core internet traffic, and also have a side business of providing on-site server rooms for business customers (e.g. the hosting company/reseller who hosts Sydex/Alumnius). The name Hurricane Electric wasn’t new to me, as a few years back I had considered using their services to host DNS for my personal site that you’re reading right now.

So I sent an email to Hurricane Electric’s abuse address:

Hi,

Can you confirm that this IP address is hosted at HE datacenters?

204.155.30.162

The HE ARIN whois record seems to indicate that your datacenters are serving up this IP for your customer “Hosting Solution Ltd.” in connection with “King Servers B.V.”:
https://bgp.he.net/net/204.155.30.0/23#_whois

This IP is serving up content that violates my copyright under US law, at the domain sydex.net. King Servers B.V. is based in the Netherlands/Russia, and when I messaged them about copyright abuse, they denied that the IP address or domain are connected to them.

From what I’ve read, King Servers B.V. is seen as a “bulletproof” host in the piracy industry due to their policy of ignoring abuse emails, so I am hoping that I can work with you in taking down this copyrighted content instead, since it seems to be hosted at your datacenter in Fremont.

In that respect, this customer also seems to be violating your Acceptable Use Policy:
https://he.net/aup.html

If you can confirm that you host this IP address, I will be able to send a proper DMCA notice to make the takedown request official.

Thank you,
Maximillian Laumeister
maxlaumeister.com

It’s been several weeks since I sent that message. Because Hurricane Electric is an internet backbone company, I have every reason to believe that they are the “good guys” and want to keep scummy websites out of their datacenter, or at least respond to copyright complaints. Indeed, their acceptable use policy says that their customers must not “do anything illegal or anything that adversely affects Hurricane’s legal interests”. Perhaps they haven’t gotten to my abuse email yet, or it flew under their radar - or the whois record was inaccurate, they don’t actually host that IP, and so didn’t bother responding.

In the mean time, I found a last angle of attack.

Attempt 3 (Success): Webzilla

While scouring the source code of sydex.net to figure out how it was hosted, something finally jumped out at me that I missed the first time.

When you inspect a profile image on sydex.net, you can see that it’s generally of the form http://photo.sydex.net/000000000.jpg, where the zeroes are a string of numbers that serve as an id number for the image.

In other words, the images are loaded from photo.sydex.net, a different domain than sydex.net proper.

I clicked through on one of the images directly, and sure enough it redirected me to a cdn12.com subdomain - a separate hosting provider solely for Sydex’s images. I ran another dig lookup, this time on photo.sydex.net, which confirmed that cdn12.com is indeed the next “layer of the onion” behind it.

So I started doing research on cdn12.com. There is no website at the apex domain (in other words, http://cdn12.com and http://www.cdn12.com do not yield any website in a web browser). The only real information I could find out there on the internet was a listing from a data aggregator called Apollo.io.

According to Apollo.io:

CDN12 is an international service provider focusing on delivering the best possible CDN to its customers, while keeping its prices fair. Rock-solid reliability together with 24/7 tech support ensure impeccable results and establish CDN12 as a worldwide leader in the industry.

So in other words, a load of marketing speak that doesn’t mean anything and doesn’t convey any useful information.

Here’s a screenshot of the listing for archival purposes:

cdn12.com listing on apollo.io

Who was this mysterious CND12, and why were they providing services to sydex.net and alumnius.net?

If only there were a way to find out who is hosting cdn12.com. Hey, let’s do another ARIN whois lookup.

I dug 10727-6.b.cdn12.com and got IP addresses 204.155.145.195 and 204.155.145.210.

Then I did an ARIN lookup on 204.155.145.195 and got IP block AS40824.

And we get another whois entry:

ASNumber: 40824
ASName: WZCOM-US
ASHandle: AS40824
RegDate: 2008-04-24
Updated: 2012-03-20
Ref: https://rdap.arin.net/registry/autnum/40824

OrgName: WZ Communications Inc.
OrgId: WZCOM
Address: 110 E.Broward blvd
Address: Suite 1700
City: Fort Lauderdale
StateProv: FL
PostalCode: 33301
Country: US
RegDate: 2008-03-19
Updated: 2010-04-12
Ref: https://rdap.arin.net/registry/entity/WZCOM

OrgAbuseHandle: WZCOM1-ARIN
OrgAbuseName: WZCOMM Abuse
OrgAbusePhone: +1-954-237-3587
OrgAbuseEmail: abuse@webazilla.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/WZCOM1-ARIN

OrgTechHandle: WZCOM-ARIN
OrgTechName: WZCOMM NOC
OrgTechPhone: +1-408-404-3912
OrgTechEmail: bk@webazilla.com
OrgTechRef: https://rdap.arin.net/registry/entity/WZCOM-ARIN

So, the subdomain of cdn12.com that is serving images for sydex.net is hosted by WZ Communications Inc. in Fort Lauderdale, FL., and they list an abuse contact of abuse@webazilla.com.

Before I sent an email there, I visited webazilla.com myself to get a sense for the sort of hosting company I was dealing with. It redirected me to webzilla.com, without the first “a”. Thinking that their whois data might have been outdated and pointing to an email address at their old domain, I decided to look up their abuse email myself to verify the whois entry.

One google search of “webzilla dmca” later, I found a document stating that they comply with the DMCA (pdf), and giving instructions for how to file a notice. Bingo.

So I sent them a proper DMCA takedown notice.

Do note that when you send a DMCA takedown request, you are signing under penalty of perjury that you are the copyright owner or acting at the copyright owner’s request. I’m not a lawyer but I’m pretty sure this is serious stuff, so if you are not sure if you own the copyright to your photo like I did, do your own research.

Here’s the DMCA takedown notice I sent to Webzilla at abuse@webzilla.com:

Subject: DMCA Takedown Request - Notice of Infringement

To Whom It May Concern,

The following information serves to assert my rights and request removal of allegedly infringing web content under the Digital Millennium Copyright Act (DMCA). The following is a report, in good faith, of alleged copyright infringement. I am contacting you as the designated agent for the site upon which the infringing work currently appears. This letter is a Notice of Infringement as authorized in §512(c) of the U.S. Copyright Law.

I am the copyright owner of the works and the following is true and accurate.

  1. A copy of my original copyrighted work is attached to assist you in your evaluation and determination. The following is a short description of the work:

    This work is a self-portrait that I took using my own camera. I own the copyright to it. It depicts me, a young adult male, wearing a black shirt in front of a cloudy gray background.

  2. The allegedly infringing image appears at the following location(s) online:

    https://<redacted>.b.cdn12.com/<redacted>.jpg

    …in connection with the following web pages:

    https://sydex.net/page<redacted>
    https://alumnius.net/university_of_califo<redacted>

  3. My contact information, as copyright holder, is as follows:

    Maximillian Laumeister
    <phone redacted>
    <email redacted>
    https://www.maxlaumeister.com/

    <street name redacted>
    <city, state and zip code redacted>

  4. The information of the alleged copyright infringers are:

    Owner of Sydex.net
    sydex.net

    Alumnius Corp.
    alumnius.net

    Owner of CDN12
    cdn12.com

  5. I have a good faith belief the use of the above referenced copyrighted work(s) that appear on the website for which you are the designated DMCA agent is not authorized by the copyright owner, its agent, or by law.

I declare, under penalty of perjury, this notice is true and correct and that I am the copyright owner entitled to exclusive rights which I allege are being infringed.

Signed this <redacted> day of May, 2020 in Santa Cruz, CA, United States of America.

Maximillian Laumeister

Be aware that the hosting provider will forward your details to the scammers to serve the notice, so be sure to use a burner phone number and an address other than your residential address that you can receive mail at.

Two days later, I received a brief email from Webzilla stating that the allegedly infringing content has been removed. Maybe if everyone sends in DMCA takedowns for their profile pics, Webzilla will eventually kick these extortionists off of their CDN.

Hopefully the article you’re reading should rank for search engine queries such as “sydex.net removal”, “remove profile from alumnius.net” and the like. If people searching for these sites find this blog article with the image removal shortcut, that is as close to vigilante justice as I’m going to see as a law-abiding citizen.

Backup Strat (Search Engine Removal)

I was lucky that Sydex/Alumnius’s hosting provider, Webzilla, is based in the US and therefore could be served a DMCA notice. If these images were hosted in a country without strong copyright laws, my image could have been much more difficult to take down.

The backup strategy would have been to serve the DMCA request directly to Google and Bing. That way, the image at least wouldn’t show up in search results anymore, though it would stay up on the original website. Another added effect is that if a domain receives enough DMCA complaints, Google will start demoting it in search results.

Do note that if you serve a DMCA request to Google, they will publish a somewhat redacted version of it in their transparency report, as well as forward it to LumenDB to become public record. So don’t do anything stupid, like try to claim copyright on an image that you don’t actually own copyright on, because that stupidity will be enshrined on the internet permanently.

It’s also worth noting that if your DMCA request is accepted, Google will show the following at the bottom of the search results page, where the searcher can click through to LumenDB and get a copy of the taken-down URL anyways:

In response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 1 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at LumenDatabase.org.

Lumen does gate their notices such that you have to enter your email to see the URLs, but that’s not much of a roadblock for someone who really wants to find them.

How To Remove Your Profile Pic from Sydex.net and Alumnius.net

Whew, that was a lot. Did you only come here to learn how to take down your own photo, and you could care less about my whole story around it? Sorry about all that.

Without further ado, here’s a step-by-step for how to remove your profile pic from sydex.net, alumnius.net, or really any web host that responds to DMCA requests:

Step 1: Find your profile pic URL

Find your profile on sydex.net or alumnius.net, or whatever shady foreign “people search” site that wants you to pay to remove your profile. Right click your picture and click “view image”. At Sydex, for example, you should get an image url that’s in a similar format to this:

http://photo.sydex.net/000000000.jpg or http://XXXXX-X.X.cdn12.com/000000000.jpg

Step 2: Find the IP address(es) hosting that URL

Take the domain portion of the URL only (for example just photo.sydex.net or XXXXX-X.X.cdn12.com) and do an “A” dig lookup on it. It should give you one or several IP addresses under the ;ANSWER section next to where it says “IN A”, in my case these were 204.155.145.210 and 204.155.145.195.

It can also be useful to pay attention to the “IN CNAME” section, if there is one. “IN CNAME” means “the domain you typed in is fronting this other domain behind it”, so you can use it to find intermediary companies, in my case CDN12.

Step 3: Find the hosting company behind the IP address(es)

Take these IP address(es) you found, and look them up using the search bar in the HE BGP toolkit. Then click on the Whois tab to get abuse contact information tied to the IP address. You may also find additional information by clicking through to the Origin AS page on the IP Info tab, then clicking the Whois tab there to get the abuse contact tied to the entire AS block.

Step 4: Sanity-check the abuse contact address

Do some light Google searching. At the time of writing, the abuse email for the IP address of photo.sydex.net was listed both as abuse@webazilla.com and abuse@webzilla.com. I went to webzilla.com and discovered that there was a legitimate company named “Webzilla” selling hosting services there. Then I googled “webzilla dmca” and found their DMCA policy and instructions to send a request.

Step 5: Send a DMCA takedown request

Send a DMCA request per the hosting company’s instructions, or if they don’t provide any specific instructions, send it to their abuse email. You can model your DMCA notice after the one I sent. Only send a DMCA request if you are sure you own the copyright to the image of you. Make sure to use a valid burner phone number and valid mailing address separate from your residential address, as this info will be forwarded to the website owner / scammer.

Conclusion

I did it. I won. I think.

Different people will take different things away from this article, all of which have some speck of truth to them:

They say that the shorter the chain, the more fiercely the dog guards its territory. Staying at home in quarantine on my computer 24/7, I can only feel protective of my small corner of the internet.

Bah.


Are you having any trouble removing your own profile from people search sites? Any success stories? I’d love to hear all of it in the comments!

P.S. Sydex/Alumnius: If you are reading this, do be aware that if you contact me, I plan to publish it here publicly.

Ongoing Updates

Update 7/1/2020: I found a website called Scamion that lists a physical address for Sydex.net along with some consumer complaints:

Sydex.net
77 Spyrou Kyprianou Avenue
Larnaca, Cyprus

It’s worth noting that a commenter on Reddit also mentioned that Sydex is based in Cyprus.

Furthermore, a Google Search of that address reveals a third data broker site called “European Graduates” also claiming to be owned by Alumnius Corp! It’s hosted at https://graduates.name/ and lists the same physical address in its footer:

Alumnius Corp.
77 Spyrou Kyprianou Avenue
6052 Larnaca, Cyprus

Bonus Tip for MyLife.com!

Since you made it so far, here’s a bonus tip for removing your profile from MyLife.com, another shady data broker website. Apparently they were not smart enough to incorporate outside the USA, so they have been sued multiple times. So as soon as you lightly infer the possibility of legal action, all of a sudden it’s possible for them to remove your profile for you!

For more details, click through to my companion mini-article about how I removed my MyLife.com profile.

More Articles Tagged "privacy"

View All Articles