TL;DR
A Hacker News user observed that archive.today's CAPTCHA page was issuing repeated background requests to a personal blog using a short JavaScript interval. The poster noted the target blog contains one article mentioning archive.today and speculated about possible retaliation or bandwidth-waste motives, but no confirmation of intent is provided in the source.
What happened
A commenter on Hacker News posted that, starting roughly three days prior to the thread, archive.today's CAPTCHA page began making automated requests to a specific personal blog. The poster shared a screenshot and extracted the JavaScript responsible: a setInterval that runs every 300 milliseconds and issues fetch() calls to https://gyrovague.com/?s=<number>, using a timestamp-derived query parameter, referrerPolicy set to "no-referrer", and fetch mode "no-cors". The author of the thread pointed out that the targeted blog appears to contain a single post that mentions archive.today — an article dated August 5, 2023 — and raised the possibility that the requests could be an attempt to punish or overload the site. The post frames these ideas as speculation and asks why such behavior would appear years after the article was published; the source does not confirm who implemented the code or why.
Why it matters
- Automated requests issued from a CAPTCHA page can generate unwanted traffic to third-party sites, raising potential abuse and bandwidth concerns.
- Use of fetch with no-referrer and no-cors affects visibility of origins and may complicate attribution and logging for the receiving site.
- If repeated at high frequency, such requests could impose resource strain on smaller websites, resembling a low-level denial-of-service pattern.
- Unexplained targeting of an individual site's content raises ethical and legal questions about retaliatory or punitive measures by platform operators or others.
Key facts
- The observation was posted on Hacker News and dated January 14, 2026 in the provided source metadata.
- The poster noticed the behavior about three days before posting the thread.
- A screenshot of the CAPTCHA page was shared by the poster (link provided in the original thread).
- The extracted JavaScript uses setInterval to call fetch("https://gyrovague.com/?s=" + Math.round(new Date().getTime() % 10000000)) every 300 milliseconds.
- The fetch call sets referrerPolicy to "no-referrer" and mode to "no-cors".
- The targeted site is gyrovague.com, and the poster identified one article on that blog that mentions archive.today, dated 2023-08-05.
- The poster speculated about motives such as revenge or bandwidth-wasting, but did not provide evidence identifying the requester or intent.
What to watch next
- Whether archive.today or the operator of the CAPTCHA page publicly acknowledges or explains the behavior — not confirmed in the source.
- Whether the owner of gyrovague.com reports increased traffic or server strain and whether they take mitigation steps — not confirmed in the source.
- Whether the observed requests persist, change frequency, or target other domains beyond the single blog mentioned — not confirmed in the source.
Quick glossary
- archive.today: A web archiving service that saves and provides snapshots of web pages for later access.
- CAPTCHA: A challenge–response test used to determine whether a user is human, often displayed to block automated traffic.
- fetch API: A JavaScript interface for making network requests, commonly used in web pages to retrieve resources asynchronously.
- referrerPolicy: no-referrer: A setting that instructs the browser not to send the Referer header when making a request, hiding the origin page.
- no-cors mode: A fetch mode that restricts access to the response for cross-origin requests, often used to send requests without reading the response.
Reader FAQ
Did the source confirm archive.today intentionally targeted the blog?
Not confirmed in the source.
What does the JavaScript snippet do?
It repeatedly issues fetch requests every 300 milliseconds to the blog URL with a timestamp-derived query parameter, using no-referrer and no-cors settings.
Is the targeted blog the only site affected?
The poster identified that blog as the observed target; whether other sites are affected is not confirmed in the source.
Was motive or attribution established?
Not confirmed in the source; the poster offered speculation but provided no direct evidence identifying the responsible party or intent.
archive.today has recently (I noticed this, like, 3 days ago) started automatically making requests to someone's personal blog on their CAPTCHA page. Here's a screenshot of what I'm talking about:…
Sources
- Ask HN: Weird archive.today behavior?
- archive.today fails, the site presents a captcha challenge #53
- ReCaptcha always asking for extra verification?
- When browsing website always checking and ask to solve …
Related posts
- CreepyLink: a URL shortener designed to make links look suspicious
- Bubblewrap: A lightweight sandbox to keep coding agents away from your .env files
- FTC finalizes order barring GM from selling drivers’ location and telematics