Is archive.ph a scam?

Our automated security review flags archive.ph as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Is archive.ph safe to use?

No — archive.ph scored 25/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.

Does archive.ph have a valid SSL certificate?

Yes. archive.ph presents a valid TLSv1.2 certificate issued by Let's Encrypt · YE2, expiring in 88 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.

Is archive.ph on any phishing or malware blacklists?

No. archive.ph is not currently listed on the major browser blocklist feeds that modern browsers use.

Where is archive.ph hosted?

archive.ph resolves to an IP operated by Skhron OU in SE (usage type: Data Center/Web Hosting/Transit). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.

How often is the archive.ph report updated?

We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.

DANGEROUS

Critical risk detected

Web archiving service confirmed to have weaponized its CAPTCHA with DDoS-attack code targeting a specific blogger in early 2026. Our security stack flagged multiple threat indicators on this website. Don't enter personal information, deposit money, or download files.

Security Review

Is archive.ph legit or a scam?

Name: Is archive.ph legit or a scam?
Item: archive.ph
Rating: 2
Author: MalwareTips

Our verdict:Dangerous· 25/100

SafeSuspiciousDangerous

Web archiving service confirmed to have weaponized its CAPTCHA with DDoS-attack code targeting a specific blogger in early 2026.

Top reasons

Confirmed malicious conduct: CAPTCHA code injected in January 2026 to turn visitor browsers into DDoS-attack participants against a specific blogger.Operator is anonymous and currently subject to FBI criminal investigation following a registrar subpoena.Service has history of disputes and blocks (China, Russia, Cloudflare DNS, Malwarebytes IP range).

archive.phScanned 1h ago

Post Facebook

Trust score

DANGEROUS

Heuristics 90·MT 25

Category tags

malwareabuse#Malware85% MT confidence

Positive signals (3)

Not on major blacklists Encrypted connection Clean server reputation

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence

—

Data unavailable

Domain Age

—

Registration date unknown

MT Intelligence

Dangerous

Critical likelihood · 85% confidence

MT Intelligence

Advanced threat intelligence

MT Security Analyst

Critical scam likelihoodengineMT · Guardiantrust25/100

MT AgentLive web researchVisual inspection

Confidence

Archive.ph operates as a legitimate on-demand web archiving service used widely for preserving content and bypassing paywalls. However, in January 2026, the service deliberately injected code into its CAPTCHA page that forced visitor browsers to send repeated requests to a Finnish blogger's website, turning users into unwitting participants in a targeted DDoS attack. This represents deliberate malicious conduct by the operator, not a security flaw or accident. The operator remains anonymous and is currently the subject of an FBI criminal investigation following a subpoena to the domain registrar. While the service has legitimate use cases and some users praise its technical capabilities, the confirmed weaponization of the CAPTCHA system for a personal dispute crosses into malicious territory.

Full dossier

Analysis complete

Page Content

Archive.ph is a mirror domain for archive.today, a web archiving service that captures on-demand snapshots of web pages including JavaScript-rendered content and screenshots. The service is used for content preservation, paywall bypass, and fact-checking.

Infrastructure

Hosting IP 185.195.236.97 shows zero abuse reports and a clean reputation score. SSL certificate is valid (Let's Encrypt, 88 days to expiry). Browser blocklists show no hits. Our sandbox analysis was unavailable for this pass.

Domain History

Archive.ph is one of several mirror domains (archive.today, archive.is, archive.li) for the same service, launched in 2012. The operator uses a pseudonymous WHOIS entry ('Denis Petrov' in Prague) and remains anonymous. In 2025, the FBI issued a subpoena to registrar Tucows seeking owner identification as part of an undisclosed criminal investigation.

Web Reputation

The service has mixed reputation. Technical users on Hacker News praise its superior rendering and speed compared to the Wayback Machine. However, in January 2026, multiple sources (Wikipedia, Reddit, HackRead) reported that archive.ph injected malicious code into its CAPTCHA that forced visitor browsers to participate in a DDoS attack against a Finnish blogger. This constitutes confirmed malicious conduct. The service has also faced blocks in China and Russia, DNS disputes with Cloudflare, and a 2025 IP-range block by Malwarebytes (later whitelisted).

Risk Factors

Confirmed malicious conduct: CAPTCHA code injected in January 2026 to turn visitor browsers into DDoS-attack participants against a specific blogger.
Operator is anonymous and currently subject to FBI criminal investigation following a registrar subpoena.
Service has history of disputes and blocks (China, Russia, Cloudflare DNS, Malwarebytes IP range).
No legitimate business registration or formal company structure identified.
Privately funded with donations; no transparency on funding sources or governance.

Positive Signals

SSL certificate is valid and properly configured (Let's Encrypt).
Hosting IP has zero abuse reports and clean reputation score.
Browser blocklists show no hits.
Service has legitimate technical use cases praised by developers and researchers for superior content preservation.
No traditional consumer scam, phishing, or malware-distribution reports found outside the CAPTCHA incident.

AI Recommendation

Do not use this service. The confirmed injection of malicious code into the CAPTCHA system demonstrates that the operator is willing to weaponize the platform for personal disputes, putting your browser at risk of being used in attacks without your knowledge. Legitimate alternatives for web archiving include the Wayback Machine (archive.org) or other established preservation services.

Next-gen fraud intelligence

Evidence-backedCross-checked

Website Preview

LIVE RENDER

archive.ph

1Screenshot incomplete — site may be slow to render

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

/ 100

High visual risk

Visual red flags detected in the screenshot

We could not capture a fully-rendered screenshot of this page; visual analysis is inconclusive.

Visual risk50/100

What our vision model saw

1 signal

Screenshot incomplete — site may be slow to render

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for archive.ph, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration

No public record found

Could not match the site to a registered company — common for small sites.

Clone check

Not a clone

No well-known site's layout or branding detected here.

Typosquat check

No look-alike match

The domain doesn't resemble any well-known brand's spelling.

Web mentions

3 scam reports · 3 positive

Key findings

7 headline facts from open-web research

archive.ph is one of several mirror domains (alongside archive.today, archive.is, archive.li etc.) for a popular on-demand web archiving service launched in 2012 that captures snapshots including JavaScript-rendered content and screenshots.
The service is widely used to bypass paywalls, preserve ephemeral content, and in academic/fact-checking contexts; praised on HN and Reddit for better fidelity than Wayback Machine in some cases.
Operator remains anonymous; WHOIS data points to likely pseudonymous 'Denis Petrov' in Czech Republic; speculated to be a single individual possibly based in Russia; privately funded with donations.
In Oct/Nov 2025, FBI issued subpoena to registrar Tucows seeking owner identification and records as part of an undisclosed criminal investigation.
In Jan 2026, the service was reported to have injected code in its CAPTCHA that turned visitor browsers into participants in a targeted DDoS attack against a blogger (Gyrovague/Patokallio) with whom it had a personal dispute; led to English
Service has faced blocks/bans in China (since 2019), Russia, disputes with Cloudflare DNS, occasional downtime reports, and a 2025 Malwarebytes IP-range block (later whitelisted after review).
No traditional consumer scam, phishing, or malware distribution reports found; one security checker (Scamvoid) rates it potentially safe with no blocklist hits. However, the CAPTCHA abuse constitutes malicious behavior.

Scam reports (3)

Direct quotes from public scam databases, forums, and news.

Wikipedia / News reportsopen
"In January 2026, archive.today added code into its CAPTCHA page to send repeated requests causing visitors to unwittingly contribute to a DDoS attack targeted at a Finnish blogger."
Reddit r/antivirusopen
"Archive.today added malware in their Captcha... the site forced their browsers to unknowingly flood websites with repeated search requests."
HackReadopen
"The FBI has issued a federal subpoena to domain registrar Tucows... to unmask the anonymous operator of Archive.ph... subject of an undisclosed criminal investigation."

Positive reviews (3)

Quotes indicating the site is legitimate.

Hacker Newsopen
"archive.ph does a better job of preserving the page as is (it also takes a screenshot) compared to internet archive which can be flaky at best... much faster at searching."
Scamvoidopen
"The site seems safe according to this report: The site is not detected by any blocklist engine... Potentially Safe."
Wikipediaopen
"archive.today is a web archiving website that saves snapshots on demand. It has support for JavaScript-heavy sites such as Google Maps and X."

Research summary

Narrative write-up from our AI analyst, grounded on the facts above

Multiple sources confirm that in January 2026, archive.ph injected malicious code into its CAPTCHA page that forced visitor browsers to send repeated requests to a Finnish blogger's website, turning users into unwitting participants in a targeted DDoS attack. Reports appeared on Wikipedia, Reddit's r/antivirus community, and HackRead. The FBI issued a subpoena to domain registrar Tucows in 2025 seeking to unmask the anonymous operator as part of an undisclosed criminal investigation. On the positive side, Hacker News users praise the service's technical capabilities for web archiving, and one independent security checker (Scamvoid) reported no blocklist detections. However, the confirmed weaponization of the CAPTCHA system for a personal dispute outweighs the legitimate archiving functionality.

Security Scans

Blacklist Check

Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Domain & Encryption

Encryption Certificate

StatusValid

ProtocolTLSv1.2

IssuerLet's Encrypt · YE2

ExpiresSep 3, 2026 (88d)

Self-signedNo

Hosting & Technology

HostingSkhron OU

Server locationSE

Redirect Chain

Hops

Cross-domain

Lookalike

Punycode

1302http://archive.ph/
2429https://archive.ph/

Server Reputation

Abuse Intelligence

Confidence score0%

Reports on file0

ISPSkhron OU

Usage typeData Center/Web Hosting/Transit

Scam-Type Likelihood

1 scam-type patterns detected

Scam-Type Likelihood

0 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Malware

Malware

Low-level signals

0/100

AI analyst tagged this as malware / drive-by / cracked app.

Scam-Type Likelihood

0 of 13 categories showed signals

Top match: Malware

Malware

Low-level signals

0/100

AI analyst tagged this as malware / drive-by / cracked app.

Malware distribution detected

Signals suggest this page may deliver malicious files or exploit the browser.

Do not interact with archive.ph
Do not enter credentials, deposit money, download files, or install browser extensions from this site.
If you downloaded or ran a file from here
Disconnect the device from the internet, run a full scan with a reputable antivirus (Malwarebytes, ESET, Bitdefender), and consider a second-opinion scanner. Change passwords on any account you used from the device afterwards — ideally from a different device.
Get free cleanup help
MalwareTips has a dedicated malware-removal team who walk you through cleanup one-on-one.
Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing

Not listedCheck ↗

AbuseIPDB

Not listedCheck ↗

Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered from the scan data on this page. These are auto-generated — not hand-written — so they always match the underlying report.

Our automated security review flags archive.ph as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Final Verdict

Trust / 100

Final Verdict·archive.ph

DANGEROUS

Archive.ph is a web archiving service that in January 2026 injected malicious code into its CAPTCHA to turn visitor browsers into unwitting participants in a DDoS attack against a blogger, constituting confirmed malicious behavior.

AV engines

—

MT passes

Net signals

Scan another URL

Security review completemalwaretips.com/url-scan

Recently scanned

Other Dangerous reports

mail.netaccess-management.com

3h ago

Read the review

Dangeroustrust3

roblux2026.blogspot.com

3h ago

Read the review

Dangeroustrust10

hadiahresmishopeeindonesia.blogspot.com

trezorsuites-io.wasmer.app

4h ago

Read the review

Dangeroustrust1

owa.supersaverdining.com

4h ago

Read the review

Dangeroustrust1

securedbankfinancing.com

4h ago

Read the review

Dangeroustrust1

docsonlineshare.hbhasnen.com

4h ago

Read the review

Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…

Loading comments…

This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.