Archive.today CAPTCHA Generates DDoS-Style Traffic Against a Blog

February 2026 · Incident Report & Technical Review

A documented investigation shows archive.today’s CAPTCHA page executing a script that repeatedly sends automated requests to a third-party blog every few hundred milliseconds — traffic behavior consistent with a sustained DDoS-style attack.

What the CAPTCHA Page Is Doing

When the archive.today CAPTCHA page is open, it runs client-side JavaScript that automatically sends repeated search requests to a specific blog URL. These requests continue without user interaction.

Why This Creates DDoS-Level Load

setInterval(function() {
  fetch("https://target-site.com/?s=random");
}, 300);

For non-technical readers: this means the page sends about three automated requests per second to the same site, using random queries that prevent caching. Over time, this creates constant server strain.

Impact: Sustained traffic at this rate can slow down, destabilize, or temporarily knock offline small or independent websites — matching real-world DDoS attack effects.

Public Discussion & Verification

The findings triggered extensive analysis and debate across Hacker News and Reddit, where users reviewed screenshots, code behavior, and the broader security implications for web archives and site owners.

Sources

Original Investigation – Gyrovague Hacker News Discussion Reddit Community Thread