Webpage capture site Archive.today (also known as archive.ph, archive.is, and other mirrors), direct visitors to participate in a distributed denial of service (DDoS) attack targeted at a Finnish blogger. The malicious activity appears to be a bizarre personal vendetta rather than a large-scale operation.
A secret script has been discovered on the Archive.today, which directs a request to Gyrovague.com blog every 300 milliseconds, while actual visitors are solving a CAPTCHA puzzle to prove they’re not a bot.
Archive.today is a widely popular website that declares its ambition to be “a time capsule for web pages,” allowing visitors to create snapshots of websites that remain accessible even if the original content changes or disappears. However, the service is often used to bypass paywalls and access restricted content, which has given it a controversial reputation.
“Archive.today is directing a DDoS attack against my blog,” Jani Patokallio, who owns Gyrovague.com, said in a blog post.
As long as the CAPTCHA page is open, the browser sends a request to the blog’s search function using a random string, which prevents caching and increases resource use.
And even the anonymous administrator of Archive.today acknowledges the DDoS attack. Moreover, they threaten to go further and release a gay dating app named after the blogger.
What happened? Bizarre vendetta over doxxing
The entire situation revolves around an old blog post published nearly three years ago, in which Patokallio attempted to identify the individuals behind Archive.today.
The post, based on open source intelligence (OSINT), suggested that the site is likely run by one person, and the founder, allegedly using the alias “Denis Petrov,” may be from Russia. The author also found some weak links to an actual LinkedIn account.
At the time of publishing, the blog post did not provoke any significant reaction from Archive.today.
However, on October 30th, 2025, the FBI recently issued a subpoena to Tucows, a domain registrar, demanding that it disclose identifying details about the customer behind Archive.today, including name, address, billing, and connection records, as part of an ongoing federal criminal investigation.
Media coverage of investigations into the mysterious site often cited details from the blog post, which appears to have annoyed the operator.
“On January 10th, I received a politely worded email from archive.today’s webmaster, asking me to take down the post for a few months,” Patokallio explained in the blog post.
The provided email thread shows that Archive.today operator was concerned about misrepresentation by the mainstream media. Patokallio replied five days later, mentioning that the initial email had gone to spam and complaining that a DDoS attack was already underway.
Further back-and-forth exchanges quickly escalated into further threats, with the webmaster saying they will “vibecode” a gay dating app using the blogger’s name. Archive’s blog on Tumblr blames the author for “doxxing random internet projects just to make a little money” and even tries to draw connections to the alleged grandfather’s Nazi past.
One security researcher has shared an explanation from the Archive.today’s owner, who states that the delayed retaliation is related to “the mentioned people” gaining EU citizenship.
The DDoS attack against the blogger was also evidenced on the Hacker News forum by the users.
Ars Technica reported that US publishers have been fighting services designed to bypass paywalls. Archive.today is drawing legal scrutiny for refusal to respect robots.txt, removal requests, and similar related practices.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked