On October 30th, the FBI issued a subpoena to domain registrar Tucows, seeking detailed account information tied to the domain Archive.today, including customer names, billing details, payment methods, network data, and associated online services. The request states that the data “relates to a federal criminal investigation,” although no specific offense has been named.
The subpoena appears to mark an effort to unmask the operator of Archive.today, also accessible through mirrors such as Archive.is, Archive.ph, and Archive.md. Since its creation in 2012, the site has been widely used as a preservation and verification tool, allowing users to capture web pages before they disappear or change.
Yet despite its visibility and influence, one question has remained unanswered since its launch: Who actually runs Archive.today?
The domain registrant for archive.today has always been redacted for privacy reasons.
However, the story really begins in the early 2010s, with WHOIS records that list a registrant name for archive.is as “Denis Petrov”, with an address in Prague, Czech Republic.
The name Denis has also been previously tied to archive.is through an email that is sent to both denis@camfex.cz and admin@archive.is.
Searching for ownership records for the camfex.cz domain also returns the name Denis Petrov: https://whois.easycounter.com/camfex.cz.
Breached data for namecheap@camfex.cz returns an address in Russia, 154 Stachek, ST Petersburg, rather than the Bilkova address in Prague seen in the public WHOIS records. This address, when searched on Google StreetView, shows that someone living in the building has requested that their property is not shown.
Another piece of information pointing to Denis is found on the Internet Archive. When visitors go to archive.today currently, there is a donate button that points to https://coindrop.to/archive. However, a previous archived version of that page from 2020 shows that same button directing to a PayPal account. This PayPal account was set up under the name Denis Petrov.
Money can still be sent to this account, which may provide further information. However, this would be considered direct contact with the individual and so we chose not to continue with this line of inquiry.
At this stage, the question becomes, is “Denis Petrov” a real person? A borrowed identity? Or a pseudonym used for registration convenience?
The phone number for Denis Petrov found in the WHOIS records is a Czech number: +420 775 168 924. Running this number through breached data sources returns the name Igor Kuznecov and the email address igor@camfex.cz, the same domain previously linked to Denis.
An Igor Kuznetsov also appears on the Czech business register with ties to Camfex:
https://rejstrik.penize.cz/igor-kuznetsov. This lists an address in Tula, M. Toreza 34/4, Russian Federation.
Additionally, Igor Kuznetsov is named as a director of a UK business, CAMFEX GROUP LTD, registered at Companies House.
The overlap between Denis and Igor, both using @camfex.cz, suggests the two identities may be connected, or possibly the same individual operating under different names.
The GitHub repository for Archive.is (https://github.com/archiveis) lists an author under the handle “Conferno.”
Searching broadly for this handle returns a Twitch streamer and a Russian developer, Alexander Conferno. There is no direct evidence linking this individual to Archive.today beyond the shared username. The same handle appears on social platforms such as https://x.com/conferno and https://dribbble.com/Conferno, though these may be unrelated accounts.
The connection remains circumstantial, but the presence of the handle on GitHub suggests that “Conferno” could have been an operational or technical alias associated with Archive.is.
The handle “MashaRabinovich” began appearing in discussions directly referencing Archive.is. For instance, in an F-Secure community thread, the user masharabinovich writes, “on my website http://archive.is/,” implying a personal connection to the platform.
In 2020, the same LinkedIn account under that name was observed logging captures of LinkedIn profiles on Archive.today mirrors, such as https://archive.vn/IPEEd and https://archive.vn/EPaEH. Both show that the logged-in user who performed the captures had the Masha Rabinovich profile photo visible.
Breached data for that deleted LinkedIn account shows it was registered under the email linkedin@camfex.cz, once again linking back to the Camfex.cz domain.
This shared mail infrastructure strongly suggests that Masha, Denis, and Igor were all operating within the same environment, possibly as the same person, or as collaborators sharing a single mail server.
A YouTube account named Masha Rabinovich (https://www.youtube.com/@4723984621) contains a single video demonstrating how to use Archive.is, further reinforcing the connection between this identity and the archiving platform.
A YouTube account under the name Masha Rabinovich, https://www.youtube.com/@4723984621, also contains a single video, which explores how to use archive.is.
Ownership of Archive.today and its mirror sites could fall under two main hypotheses:
Denis as the domain registrant and public-facing name.
Igor as a supporting or alternate identity tied to business and hosting.
Masha as a user-facing or content-capture persona.
Conferno as a developer or code distribution handle.
Both remain plausible. What is clear is that every alias connects through the same core ecosystem, most notably, the @camfex.cz domain.
Across years of public records, that domain appears repeatedly, suggesting that whoever controlled the Camfex.cz mail server was likely involved in or closely linked to the Archive.today project.
The October 2025 FBI subpoena represents the first verifiable move by U.S. authorities to pierce that anonymity. By targeting Tucows, the registrar for several Archive.today domains, investigators are seeking billing addresses, payment information, and session data that could connect the online infrastructure to a physical location or identifiable person.
The FBI’s ongoing investigation may eventually provide definitive answers. Until then, all that exists is the public record is a network of domains, business registrations, and handles.