Archive.today Script Triggers DDoS-Level Traffic Against Independent Website

Investigation • February 2026 • DDoS & Web Abuse

An independent investigation has uncovered that archive.today executes a JavaScript loop on its CAPTCHA page that repeatedly sends automated requests to a third-party website — behavior consistent with a sustained DDoS-style traffic attack.

What the Script Does

The code runs automatically and sends repeated background requests to the same website every few hundred milliseconds. Each request uses a randomized parameter to bypass caching, forcing the target server to process every hit.

setInterval(function() {
  fetch("https://target-site.example/?q=random");
}, 300);

Why this is serious:
At roughly 3–4 requests per second per visitor, this behavior can quickly overwhelm small websites, increase hosting costs, and cause outages — matching real-world DDoS impact.

Community Response

After the findings were published, discussions appeared on Hacker News and Reddit, with users reviewing screenshots, traffic behavior, and potential abuse of browser-based visitors as involuntary traffic generators.

Why This Matters

Web archives play an important role on the internet. However, when archival tools generate sustained, automated traffic against live websites, they cross into dangerous territory that can harm site owners and infrastructure.

Sources & Evidence

Original Investigation Hacker News Discussion Reddit Community Analysis