Archive.today CAPTCHA Generates DDoS-Style Traffic Against Independent Blogs

Published February 2026 · Traffic Abuse Investigation

A direct inspection of archive.today shows its CAPTCHA page running a script that repeatedly sends automated requests to a third-party blog every 300 milliseconds — behavior consistent with a sustained DDoS-style traffic attack.

What Is Happening

While the CAPTCHA page is open, a small piece of JavaScript continuously asks the same blog for search results using random queries. This prevents caching and forces the target site to process every request.

Why This Is Dangerous (Non-Technical)

Sending requests every 0.3 seconds may sound small, but multiplied by many visitors, it creates a constant flood of traffic. For independent or personal blogs, this can slow the site, increase hosting costs, or cause outages — a real-world DDoS effect.

setInterval(function() {
  fetch("https://target-site.example/?s=random");
}, 300);

⚠️ Impact: This pattern effectively turns visitors’ browsers into traffic generators, creating sustained attack-level load without their knowledge.

Public Verification & Discussion

The behavior was first documented in detail by an independent researcher and later discussed widely on Hacker News and Reddit, where screenshots, code, and traffic logs were examined by the community.

Sources

Original Investigation – Gyrovague Hacker News Discussion Reddit Community Thread