14 November 2025 UPD: We have updated the article with more information about the bailiff reports sent to us and the person who ordered them.
The FBI is investigating Archive.is (also known as Archive.today), it was recently revealed. The agency issued a subpoena to the site’s domain registrar, seeking information about the person behind it, citing a “federal criminal investigation.”
Archive.is was launched in 2012 by someone using the name Denis Petrov – Although whether this is his real identity or not is unclear. The site lets users save “snapshots” of web pages by submitting URLs, making it a valuable tool for preserving content that might otherwise be missing. But because it can also be used to bypass paywalls, it has long been a thorn in the side of many media organizations.
Although the exact nature of the FBI investigation has not been confirmed, it has been speculated that it may be related to copyright or CSAM (child sexual abuse material) dissemination issues. Overall, the situation suggests that there is increasing pressure on those who run Archive.is and the intermediaries who help make its service accessible. As it turns out, AdGuard DNS may have become just such a pressure point.
how we got entangled
A few weeks ago, we were contacted by a representative of an organization called Web Abuse Defense AssociationA French group that claims to fight against child pornography. Their website is webabaseddefense.com, and here is an archived version as of November 7.
They demanded that we block the domain archive.today (and its mirrors) AdGuard DNS, alleged that the site’s administrator had refused to remove illegal content since 2023. To be clear, Archive.today allows users to take “snapshots” of any webpage, including potentially illegal content. In such cases, it is the job of the site administrator to respond to complaints and remove that content immediately.
This struck us as odd – we are not a hosting provider, and it seemed unusual for an infrastructure-level service like ours to be asked to take such action.
Soon after, the situation escalated to what we can only describe as direct threats:
We won’t share all the screenshots here, but there were many similar messages.
We sought legal advice and unfortunately we found that French law, specifically Article 6-i-7 Use Confidence in Economy Numerics (LCEN), indeed we may need to respond and implement blocking measures, at least for French users.
“This whole situation shows how inadequate this regulation is,” he said. Such decisions should be made by a court – a private company should not decide what counts as “illegal” content under threat of legal action.
Still, the story did not become anything special. Since someone was trying to pressure us to take action, we decided to contact the other party, Archive.today, directly.
We sent an email to Archive.today’s contact address and asked two simple questions:
- Can they remove illegal content from URLs we were notified about?
- Is it true that they had refused to remove such content in the past, and were they informed about it earlier?
He replied within a few hours. The response was straightforward: the illegal content would be removed (and we verified that it was), and they did Never Any previous information received about those URLs.
Furthermore, he indicated that Archive.today was targeted by a campaign of “serial” complaints, purportedly from French organizations, which were sent to various companies and institutions that could potentially harm the site. He also shared a link displaying a similar complaint as we had received.
At the time, things seemed pretty strange, so we decided to dig deeper into the “complainant.”
Web Abuse Defense Association The website references several well-known organizations – Europol, OFAC, NCA – yet provides no details or evidence of any cooperation with them.
The association was registered in February–March 2025, around the same time its website appeared. There is very little public information about this. Interestingly, registration of an association in France can apparently be done completely online and does not require identity proof.
The association is largely registered at the address used for company registration, which is not inherently problematic but does indicate that the entire registration process can be done online by a single person.
Its Twitter/X account appeared recently – in August 2025. It only has four followers, and its feed consists of only a few reposts.
None of this proves anything in itself, but still something doesn’t add up. In his first email, the “head” of the association claimed that his correspondence with Archive.today began with a bailiff report from 2023. That timeline doesn’t fit at all.
We examined the so-called “bailiff reports” that they sent us as evidence. It is important to note that these are not bailiff reports in the English sense – these are “Constat d’Huisier sur Internet,” Official records of online content such as webpages, posts or videos. These special reports were ordered online through a service called QualiJuris, and, based on the timestamps, most of them were created in August 2025 – not 2023.
Only two of these bailiff reports were ordered from a similar service in 2023. Interestingly, these were not ordered by WAAD. The name of the person who ordered these bailiff reports matches the name that appears in the correspondence shared with us by the Archive.today administrator – the same name he wrote about on X in 2024. In that case, the complaint came from a real lawyer – but someone had registered a domain with the lawyer’s alias, containing nothing except a redirect to the lawyer’s real website, and the complaint was sent the same day. The domain was used only for sending emails and is no longer active. Interestingly, the LCEN law was also used in that email.
So what is the connection between WAAD and that earlier lawyer? Are these bailiff reports real and could it be a case of someone impersonating a real person? We don’t know yet, but we hope the truth will be known soon.
Unfortunately, we couldn’t delve deeper into who is really behind WAAD. domain webabusedefense.com is registered with name.comBut ownership information (including historical records) is hidden. They use ProtonMail for email, so that’s another standoff. The site itself is behind Cloudflare, making further detection impossible.
What do we have in the end
All said and done, here’s where things stand now:
- The illegal content was immediately removed from Archive.today after we informed them.
- The complaints against the site seem extremely suspicious. In our case, they came from an organization that was recently registered and seems to have been set up deliberately to hide the identity of the people behind it.
- The sample complaint shared by the admin of Archive.today shows signs of impersonation of a real person. We have contacted the person concerned and are currently awaiting a reply.
- In our case and that other example, recipients were pressured to act under French LCEN law. However, the same law also provides for penalties for false reports:
Art. 6-I-4 LCEN:
4. Any person who presents to persons referred to in paragraph 2 material or activity as illegal, for the purpose of removing it or preventing its dissemination, when he knows that the information is false, shall be punished with imprisonment for a term of one year and a fine of €15,000. - We believe there are signs of criminal behavior here that should be investigated by law enforcement. Therefore, we will file an official complaint with the French police including all relevant details.
- All this is coming to light amid reports of an FBI investigation into the owner of Archive.today. It seems that this investigation may be related to CSAM hosting. Although we cannot confirm any connection between that case and ours, the timing is certainly suspicious.