Ask HN: Weird archive.today behavior?

2026-01-14 22:30 14069

archive.today has recently (I noticed this, like, 3 days ago) started automatically making requests to someone's personal blog on their CAPTCHA page. Here's a screenshot of what I'm talking about: https://files.catbox.moe/20jsle.png

The relevant JS is:

   setInterval(function() {
     fetch("https://gyrovague.com/?s=" + Math.round(new Date().getTime() % 10000000), {
       referrerPolicy: "no-referrer",
       mode: "no-cors"
     });
   }, 300);

Looking at this blog, there seems to be exactly one article mentioning archive.today - "archive.today: On the trail of the mysterious guerrilla archivist of the Internet" (https://gyrovague.com/2023/08/05/archive-today-on-the-trail-...), where the person running the blog digs up some information about archive's owner.

So perhaps this is some kind of revenge/DOS attack attempt/deliberately wasting their bandwidth in response to this article? Maybe an attempt to silence them and force them to delete their article? But if it is, then I have so many questions. Like, why would the owner of the archive do that 2.5 years after the article was published? Or why would they even do that in the first place, do they not know about the Streisand effect?

I'm confused.


Comments

  • By mastermedo 2026-01-15 7:39, 2 replies

    What my pattern-matching eyes immediately spotted is that the hn username that posted this is rabinovich. The linked article speaks about Masha Rabinovich. Maybe a coincidence.

    > in a 2012 F-Secure forum post, a “masharabinovich” complains about “my website http://archive.is/” being blacklisted. They pop up on Wikipedia as well getting told off for adding too many links to archive.is, including a mention that they’re using the Czech ISP fiber.cz

    • By KawaiiCyborg 2026-01-15 9:31

      > They pop up on Wikipedia as well getting told off for adding too many links to archive.is

      Funnily enough, they removed that from their talk page right around the time this thread got posted, their first edit in almost 6 years: https://en.wikipedia.org/wiki/Special:Contributions/Masharab...

      That's a lot of coincidences...

    • By gghffguhvc 2026-01-15 9:25

      Wild idea: Could be a symbolic dead man switch.

      Reports of FBI going hard after archive.today around the time the HN account was set up and they post an archive.today competitor. Pings on the investigative article then a post to HN saying “3 days ago” which could indicate when FBI succeeded.

      The only comment by the poster on this article is a sharp clarification of what doxxing is and isn’t.

      Perhaps this is just an unusual way of slowly stepping out from behind the curtain on your own quirky terms after a fantastically long tenure.

  • By dunder_cat 2026-01-15 4:25, 3 replies

    Hmm. If it is an attempt at DDoS attacks, it's probably not very fruitful:

      >$ resolvectl query gyrovague.com
    
      gyrovague.com: 192.0.78.25                     -- link: eno1
                     192.0.78.24                     -- link: eno1
    
    Viewing the first IP address on https://bgp.he.net/ip/192.0.78.25 shows AS2635 (https://bgp.he.net/AS2635) is announcing 192.0.78.0/24. AS2635 is owned by https://automattic.com aka wordpress.com. I assume that for a managed environment at their scale, this is just another Wednesday for them.

    • By arcfour 2026-01-15 5:17

      I believe they're probably trying to get the blog suspended (automatically?) hence the cache busting; chewing through higher than normal resources all of a sudden might do the trick even if it doesn't actually take it offline.

    • By mike_d 2026-01-15 5:14

      It is using the ?s= parameter which causes WordPress to initiate a search for a random string. This can result in high CPU usage, which I believe is one of the DoS vectors that works on hosted WordPress.
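
Added example, not part of the thread or of any commenter's code: the search term in the posted snippet is the client clock modulo 10000000, so successive terms from one visitor advance by the elapsed milliseconds, whatever that visitor's clock offset is. The sketch below checks that relationship in an access log; the four-field log format, the IP addresses and the thresholds are assumptions constructed for illustration.

```javascript
// Added example (not from the thread): flag clients whose numeric ?s= terms
// advance in step with wall-clock time, as getTime() % 10000000 does.
const MOD = 10000000;       // modulus taken from the snippet in the post
const TOLERANCE_MS = 1500;  // assumption: log timestamps have 1 s resolution
const MIN_HITS = 3;         // assumption: clock-tracking pairs needed to flag

// Constructed sample log: "<epoch seconds> <client ip> <request target> <referer>"
const SAMPLE_LOG = [
  "1768429800 203.0.113.7 /?s=9999310 -",
  "1768429800 203.0.113.7 /?s=9999612 -",
  "1768429800 203.0.113.7 /?s=9999915 -",
  "1768429801 203.0.113.7 /?s=217 -",      // term wrapped past the modulus
  "1768429801 203.0.113.7 /?s=520 -",
  "1768429805 198.51.100.20 /?s=2023 -",   // a person typing numeric searches
  "1768429806 198.51.100.20 /?s=archive https://blog.example/",
  "1768429845 198.51.100.20 /?s=1999 -",
  "1768429900 198.51.100.20 /?s=42 -",
];

// Distance between a and b on a circle of circumference MOD.
function modDistance(a, b) {
  const d = (((a - b) % MOD) + MOD) % MOD;
  return Math.min(d, MOD - d);
}

// Keep only referrer-less requests to "/" whose search term is 1-7 digits.
function parseLine(line) {
  const [ts, ip, target, referer] = line.split(" ");
  const url = new URL(target, "http://placeholder.invalid");
  const s = url.searchParams.get("s") || "";
  if (url.pathname !== "/" || referer !== "-" || !/^\d{1,7}$/.test(s)) return null;
  return { ip, ms: Number(ts) * 1000, s: Number(s) };
}

function findClockDrivenSearchers(lines) {
  const last = new Map(); // ip -> previous matching request
  const hits = new Map(); // ip -> consecutive pairs whose term step equals the time step
  for (const req of lines.map(parseLine).filter(Boolean)) {
    const prev = last.get(req.ip);
    if (prev && modDistance(req.s - prev.s, req.ms - prev.ms) <= TOLERANCE_MS) {
      hits.set(req.ip, (hits.get(req.ip) || 0) + 1);
    }
    last.set(req.ip, req);
  }
  return [...hits].filter(([, n]) => n >= MIN_HITS).map(([ip]) => ip);
}

console.log(findClockDrivenSearchers(SAMPLE_LOG));
```

Because the check compares steps rather than absolute values, it still matches when the term wraps past the modulus, and it ignores the second client, whose numeric searches do not follow the clock.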

    • By dunder_cat 2026-01-15 4:37, 2 replies

      It occurred to me while reading the article that I could also just have checked the TLS cert. The cert I was given presents "Common Name tls.automattic.com". However, maybe someone will discover bgp.he.net via this :-)

  • By fhub 2026-01-15 8:17, 1 reply

    This feels like the start of treasure hunt like game. Between username of rabinovich (as others have pointed out) and the prior submission by rabinovich of an archive.today like tool 3 months ago - https://ghostarchive.org/. When you click into the search query examples for ghostarchive such as this one https://ghostarchive.org/search?term=https://docs.google.com. Many of the documents are very weird indeed.

    • By jijijijij 2026-01-15 11:05

      > This feels like the start of treasure hunt like game. Between username of rabinovich (as others have pointed out) and the prior submission by rabinovich of an archive.today like tool 3 months ago - https://ghostarchive.org/. When you click into the search query examples for ghostarchive such as this one https://ghostarchive.org/search?term=https://docs.google.com. Many of the documents are very weird indeed.

      This is what someone trying to start a treasure hunt like game would say....

      Mom! Am I an NPC? Mom! Am I real???
