A single frame, a world of questions
Archive.today is not your typical web archiving service. Where most archiving tools send simple bot requests that websites can easily detect and block, Archive.today does something more sophisticated: it renders pages in a headless browser, executes JavaScript and—crucially—can log in to social media sessions. This technical approach allows it to capture dynamic content on platforms like Twitter/X, Facebook and Reddit that would otherwise remain out of reach.
The service’s operator has remained anonymous since its creation, communicating only through cryptic blog posts and maintaining infrastructure across jurisdictions with relaxed oversight. For years, researchers have tried to pierce that veil, following domain registrations, payment trails and server fingerprints. Most leads end in dead ends or pseudonyms.
Then, in one archived capture of a Twitter/X page, something unusual appeared: a logged-in handle reading @advancedhosters. Further analysis revealed this wasn’t an isolated incident—the account appears in multiple archived Twitter/X captures, showing it was actively and repeatedly used by Archive.today to maintain logged-in sessions for archiving content on the platform. The earliest confirmed use of this account for archiving purposes that we were able to identify dates to 9 July 2024 at 09:51:08 UTC (link).
Screenshot of an archived Elon Musk tweet showing the @advancedhosters account logged in at the top of the browser interface, with an arrow highlighting the account name. Source: Archive Today [archived]
Screenshot of the @advancedhosters Twitter/X profile from an archived capture, showing the account details including location (Cyprus), website link (advancedhosters.com), join date (September 2019), and post count (15 posts). Source: Archive Today [archived]
On its own, this single frame proves nothing definitive. Accounts can be borrowed, shared, purchased or compromised. But unlike the pseudonyms and privacy-service registrations that typically surround Archive.today, this handle connects to something concrete: a real hosting company with verifiable corporate records, physical addresses and a two-decade operational history.
That connection—thin as it might be—offers researchers the first clear pivot from Archive.today’s shadowy operations into a mappable ecosystem of infrastructure providers. This article follows that thread.
A closer look at the account: @advancedhosters on X
If the @advancedhosters handle is going to serve as an investigative pivot, it deserves scrutiny on its own terms. What kind of account is this, and what does its activity reveal?
Archived snapshots show a minimalist profile:
- 15 posts total since joining in September 2019
- Location: Cyprus
- Website: advancedhosters.com
- Display name: „adVanced hosterZ” (the „V” and „Z” letters carrying post-February 2022 Russian military associations)
- Modest following: a few dozen followers, ~50 accounts followed
This is not a typical corporate account. It doesn’t engage customers or build audience. Instead, it reads like a utility account—maintained for platform access or technical purposes, such as logging in to capture social media content.
X’s account metadata reveals the locations from which @advancedhosters has logged in:
- December 2025: Singapore
- February 2026: Vietnam
This geographic pattern is significant for two reasons:
For an account operated by someone with infrastructure expertise, these are almost certainly VPN or proxy endpoints rather than physical locations. But the pattern itself is worth noting: both logins route through Southeast Asia, a region known for its hosting infrastructure, relatively permissive regulatory environment and strategic position between Europe and the Asia-Pacific.
The Singapore login is particularly noteworthy because Pavlo Z., the former Advanced Hosters system administrator who now runs Infatica, is documented as operating from Singapore. Whether this reflects his direct involvement, coincidental VPN selection, or deliberate geographic mimicry is impossible to determine from login metadata alone.
This Southeast Asian connection appears elsewhere in unexpected ways. In a 2016 blog post, Archive.today’s administrator was asked „how you make money?” and replied: „There are donations, more than $1.50 every day, enough for a bowl of phở.” The reference is telling—not just for mentioning the Vietnamese dish, but for using the correct diacritical marks (phở, not „pho”) and framing daily expenses through a Southeast Asian cultural lens. This isn’t the kind of comparison that naturally occurs to someone operating from Eastern Europe or Russia; it suggests either genuine familiarity with the region or a deliberate attempt to signal presence there.
What the pattern does show is operational consistency: whoever controls @advancedhosters is routing through Southeast Asian infrastructure—whether because they’re based there, because they’re using commercial proxy services in the region, or because they’ve deliberately chosen that geographic footprint for operational reasons.
What the account posts: sparse, but revealing
The account’s limited activity follows a clear pattern:
Pro-Russian narrative amplification
In March 2022, the account reposted French-language content framing Ukraine’s Azov regiment through neo-Nazi accusations—a narrative frequently deployed in Russian information operations.
Direct Archive.today references and pro-Russian narratives
In March 2022, the account posted a link to an archived Telegraph article titled „If not us, who? If not now, when?”—a lengthy pro-Russian text justifying the invasion of Ukraine, denying Ukrainian statehood, describing the conflict as stopping a „genocide of Russian people”, and accusing the West of supporting „Ukrainian Nazis”. The post is signed „Russian invader” with the letter „Z”—the symbol adopted by Russian forces during the invasion. This wasn’t a neutral share; it was active promotion of Russian state narratives at a critical moment in the conflict.1
Technical and linguistic patterns
The account’s replies include references to the „volth” GitHub account and discussions of its ban for Code of Conduct violations. Other replies are written in Russian, indicating the operator’s linguistic background and connecting the account to both Archive.today’s known operational identities and Russian-language communities.
Public dispute documentation
The account’s pinned post (December 2023) links to a LiveJournal entry titled „mopaiv.com post-mortem activities”—a detailed narrative about a legal dispute over Archive.today captures. The post includes a full email thread between a Brussels-based lawyer requesting content deletion and replies from „Volth [volth@volth.com]” pushing back aggressively. The „volth” identity has been extensively documented in forum posts (link, link) and investigative articles (link) as being linked to Archive.today’s administration—a GitHub account under this username and email was previously used to archive repositories via Archive.today before being banned from the platform for Code of Conduct violations.
This blog functions as a public dossier drop: preserving the operator’s narrative, framing opponents negatively and signalling that Archive.today will publish private correspondence when pressured. The LiveJournal comment thread contains extensive abusive language in Russian, including ethnic and homophobic slurs.
Source: LiveJournal [archived]
The @advancedhosters account behaves like an operator channel rather than a corporate presence.
Whoever controls it:
- Has direct access to Archive.today operational correspondence and dispute details
- Engages with Russian-language technical communities and references key pseudonyms (volth) linked to the service
- Uses the account to amplify geopolitically charged content aligned with Russian narratives
- Documents disputes publicly and signals willingness to fight back
This pattern significantly narrows the range of plausible explanations. A passively compromised account wouldn’t be posting detailed legal disputes. A standard corporate account wouldn’t be documenting internal correspondence or engaging with GitHub ban discussions.
The company behind the handle
Advanced Hosting (historically known as Advanced Hosters) presents itself as a mid-sized hosting provider with global reach. According to the company’s official materials, it was founded in 2002, beginning with a single rented server and growing into an operation that by 2025 claims to manage over 9,000 servers across data centres in the United States, Europe and Asia.
The company markets the full range of infrastructure services: bare-metal servers, private and public cloud environments, content delivery networks and colocation. Its website positions it as part of something called the Dataweb Global Group, though details about that umbrella organisation remain sparse.
More concretely, Dutch business records list the legal entity Advanced Hosters B.V. with company number KvK 62669559, registered at Leidse Rijn 41, 3454 PZ De Meern in the Netherlands. A sister site, AHnames.com, explains that AHnames “started as a project of AdvancedHosters” and provides contact details for Advanced Hosters B.V., including the same Dutch address and company registration number.
The @advancedhosters handle is not simply branded to look like an Advanced Hosting account—it was officially linked by the company itself.
An archived snapshot of the Advanced Hosters website from November 2016 shows the @advancedhosters Twitter account listed among the company’s official social media channels. This establishes that the account was, at that time, recognized and promoted by Advanced Hosting as a legitimate corporate presence.
Source: AdvancedHosters [archived]
Notably, this social media link no longer appears on the current version of the company’s website. Whether it was removed deliberately, as part of a redesign, or for other reasons is unclear. But the archived record proves the account’s official corporate status at the time it was actively promoted by the company.
The same archived version of the website listed two postal addresses: the primary Dutch business address (Advanced Hosters B.V. in Koog aan de Zaan, Netherlands) and a Cyprus address for PROFITRADE PLC in Limassol (described here as a main reseller). This Cyprus connection extends to the @advancedhosters Twitter profile itself, which lists Cyprus as its location. The consistency across corporate infrastructure and social media metadata suggests operational continuity rather than coincidence.
Source: AdvancedHosters [archived]
So when the @advancedhosters Twitter handle appears in an Archive.today capture session, it’s not a random string of characters or an impersonation account. It’s the official social media presence of a legitimate, verifiable hosting company—one with exactly the kind of infrastructure and technical expertise required to run a service as bandwidth-intensive and complex as Archive.today.
That doesn’t mean Advanced Hosting runs Archive.today. But it does mean the artefact is worth taking seriously.
From hosting provider to proxy network: following the people
The story gets more interesting when you trace the careers of people who have worked at Advanced Hosters and where they ended up.
Advanced Hosters rebranded to Advanced Hosting around 2019, though both names appear in historical records and corporate filings. Corporate profiles on LinkedIn show a cluster of system administrators and engineers associated with the company, many of them Ukrainian, several of them alumni of Kyiv Polytechnic Institute.
One name stands out in particular: Pavlo Z. And through him, a connection emerges to another figure: Vladimir F.
Pavlo Z.: from Kyiv to Singapore
Pavlo appears in Advanced Hosters’ orbit early in his career. Public profiles describe him as having worked there as a system administrator from 2007 to 2008 before moving on to other projects.
Source: Linkedin
Today, he’s listed as Chief Technology Officer and co-founder of Infatica, a commercial proxy-network provider. A Forbes Business Council profile [archived] from 2024 placed him in Singapore and highlighted a decade of experience in system administration and infrastructure engineering. Infatica’s own website credits him with driving the company’s technical innovation.
But Infatica isn’t Pavlo’s only venture. Estonian corporate records show that he and Vladimir F. jointly own and manage IT Hosting Group OÜ, an Estonian hosting company. The two men each hold 50 per cent of the shares and are listed as the company’s beneficial owners, positions they’ve held since January 2021.
In the United Kingdom, records show a similar pattern. Infatica Ltd was incorporated in May 2023, with both Pavlo and Vladimir holding significant control—each owning between 25 and 50 per cent of shares. Vladimir’s stake was later reduced, with UK filings showing he ceased to be a person with significant control in June 2024. Pavlo remains active.
The pattern is clear: Pavlo—who once worked at Advanced Hosters—has been in business partnership with Vladimir for years, co-owning hosting and proxy infrastructure companies across multiple jurisdictions.
Vladimir F.: a different path to the same ecosystem
Vladmir’s connection to this story runs not through Advanced Hosters, but through his partnership with Pavlo Z. and his own controversial background in infrastructure provision.
Vladimir is known as the owner of King Servers, a VPS and virtual server provider. In September 2016, that company found itself at the centre of a geopolitical storm.
ThreatConnect, a US-based threat intelligence firm, published a report examining cyber intrusions targeting state election boards in Arizona and Illinois. The investigation identified eight IP addresses involved in the attacks; six of them were hosted by King Servers, which ThreatConnect described as a Russian-owned hosting service.
Russian media subsequently tracked down Vladimir for interviews. He was 26 years old at the time, running King Servers from Biysk, a city in Siberia’s Altai region, and renting server capacity in the United States, the Netherlands and Russia. He acknowledged that his servers had been used in the attacks but insisted he had no prior knowledge and was not cooperating with any hackers.
Russia Beyond—a media outlet associated with RT (formerly Russia Today)—published an article attempting to reframe the allegations against Vladimir as a fabricated FBI operation, positioning him as a victim of Western intelligence agencies rather than as someone whose infrastructure had been used in cyber intrusions.
The story took another turn in January 2017. CyberScoop reported that Russian security services had arrested two FSB officers on suspicion of passing information about Vladimir to American intelligence agencies. According to reporting by Novaya Gazeta, the FSB wanted to know why one of its own officers had tipped off the Americans about Vladimir and King Servers, which ThreatConnect had by then described as an „information nexus” linking multiple intrusions against Western targets.
By 2019, Vladimir had expanded his operations to the United Kingdom, where he registered 16 companies including iNinja VPN, a virtual private network service with over 347,000 users. The Times reported that security analysts raised concerns about potential „kompromat” collection, with Andrew Foxall of the Henry Jackson Society noting that such a VPN service could be a „treasure trove” for recording users’ internet activities. According to Companies House records, Vladimir was living in Cyprus at the time.
Vladimir gave a statement to the New York Times saying he’d learned of the allegations only in mid-September 2016, shut down the implicated servers immediately and denied any connection to Russian intelligence or security services.
Currently, according to his LinkedIn profile, Vladimir lives in Dubai and works in Infatica alongside Pavlo Z.
Why both matter
None of this directly implicates Infatica, Advanced Hosting or Archive.today. But it establishes a clear connection:
- Pavlo worked at Advanced Hosters early in his career.
- Pavlo and Vladimir are now business partners, jointly controlling hosting and proxy companies.
- Vladimir has operated infrastructure that attracted serious law-enforcement and intelligence attention.
The @advancedhosters account links to Pavlo’s former employer. Pavlo links to Vladimir through documented corporate ownership. And Vladimir’s history shows someone willing to operate in contested spaces where infrastructure providers come under scrutiny from both Western intelligence agencies and Russian security services.
Mapping the ecosystem
Step back, and a pattern emerges.
You have a hosting company—Advanced Hosting—with the scale and technical capacity to support high-bandwidth, compute-intensive services. You have a Twitter account bearing that company’s branding, visible inside an Archive.today capture workflow. And you have individuals, one of whom worked at Advanced Hosters, who are now running other infrastructure businesses—Infatica, IT Hosting Group, King Servers—across Estonia, the Netherlands, the UK, Singapore and Cyprus.
Some of those businesses have intersected with cyber incidents serious enough to prompt FBI investigations and FSB arrests. Others operate in the grey markets of proxy networks and anonymisation services. All of them sit in a world where jurisdictional arbitrage, technical sophistication and plausible deniability are standard operating procedures.
Does this prove that Advanced Hosting runs Archive.today? No.
Does it prove that Pavlo, Vladimir or anyone else identified here is personally responsible for the service? Also no.
What it does show is that the @advancedhosters artefact links Archive.today’s operational environment to a recognisable cluster of infrastructure providers—providers with the means, the expertise and, in some cases, the documented willingness to operate in legally and politically contested spaces.
The limits of OSINT
Archive.today has operated in the shadows for more than a decade, archiving everything from breaking news to content that platforms have removed, and doing so with a level of technical sophistication that few rivals can match. Its operator has remained anonymous, its infrastructure opaque.
The appearance of a logged-in @advancedhosters handle inside one of its capture workflows is, by Archive.today standards, a rare moment of visibility. It doesn’t unmask the operator. But it does offer a concrete connection to a verifiable company—and through that company, to a wider ecosystem of hosting providers, proxy networks and infrastructure specialists.
That ecosystem includes:
- Advanced Hosters B.V., a legitimate Dutch hosting company with a two-decade operating history and thousands of servers worldwide.
- AHnames, a domain registrar that began as a project of AdvancedHosters and shares its corporate structure.
- Infatica, a proxy-network provider co-founded by individuals with documented ties to Advanced Hosting.
- IT Hosting Group, an Estonian company jointly owned by those same individuals.
- King Servers, a VPS provider whose infrastructure was used in high-profile cyber incidents and whose owner became the subject of both FBI and FSB interest.
These are not random actors. They form a recognisable cluster—technically capable, internationally distributed and, in several cases, already on the radar of law enforcement and intelligence agencies.
Whether Archive.today is simply adjacent to this world or structurally embedded within it remains an open question. For now, the most accurate framing is this:
The @advancedhosters artefact is a breadcrumb—verifiable, meaningful and pointing in a clear direction. It doesn’t prove who runs Archive.today, but it narrows the search space considerably and offers future investigators a concrete starting point for deeper technical analysis.
Anyone claiming to have „unmasked” Archive.today without access to internal systems, leaked communications, or law-enforcement data is either guessing or bluffing.
What this investigation does offer is a verifiable lead: a named company, specific individuals, corporate structures across multiple jurisdictions, and behavioural patterns that narrow the search space. That’s more than existed before, but it remains insufficient to definitively establish who operates Archive.today or how the @advancedhosters account came to be used in its workflow.
1 The same article appeared later that day on a LiveJournal blog belonging to alex-mashin. According to a LinkedIn profile under that name, Alex Mashin is described as a software developer based in Kemerovo, Russia. An article on Neolurk—a Russian-language wiki focused on internet culture—describes Mashin as an active contributor to Traditio, a Russian nationalist alternative to Wikipedia, where he has edited over 150 entries. The name „Alex Mashin” is most probably a pseudonym.