Archive.today CAPTCHA Generates Sustained DDoS-Level Traffic

Incident report · February 2026 · Archive Traffic Watch

An independent investigation shows that archive.today’s CAPTCHA page executes a script that repeatedly sends automated requests to a third-party blog every 300 milliseconds — a traffic pattern consistent with a sustained DDoS-style attack.

What Is Happening

When users visit archive.today and are shown a CAPTCHA, their browser runs JavaScript that repeatedly contacts a specific blog’s search page. These requests continue nonstop as long as the CAPTCHA page stays open.

The Script (Explained Simply)

setInterval(function() {
fetch("https://target-site.example/?s=random");
}, 300);

In plain language: the page sends about three automated requests every second. Because each request is different, caching is bypassed — creating constant load on the target site.

Why this matters: For small or personal websites, nonstop requests at this rate can slow pages, spike hosting costs, or cause outages — matching real-world DDoS impact.

Community & Analysis

The discovery triggered in-depth analysis and debate on Hacker News and Reddit, where users reviewed screenshots, traffic patterns, and the broader implications for web archive services.

Sources

Gyrovague – Original Investigation Hacker News Discussion Reddit – r/DataHoarder

Search This Blog

archive incident report