Scientific breakthrough: When monkeys discover the Internet and learn to speak, they DDoS Archetyp. : CafeDread | Torhoo darknet markets
I was debating whether to post it in https://torhoo.cc/go.php?u=TDJRdlpHRnlhMjVsZEcxaGNtdGxkSE09# or in https://torhoo.cc/go.php?u=TDJRdmJtVjNiV0Z5YTJWMGN3PT0=# but it seemed appropriate to be https://torhoo.cc/go.php?u=TDJRdlkyRm1aV1J5WldGaw==# since they aren't a market on Dread and Bazaar (BreakingBad) admins are jesters.
Another user who is working as undercover for Bazaar market, HarrierDoBois, posted a topic where the Bazaar admins made a post on their own forum BreakingBad. In the post they outlined how they were allegedly DDoSing Archetyp and delusions of grandeur, a copy available for your entertainment https://torhoo.cc/go.php?u=TDNCdmMzUXZOalF4TmpaaFpERmhZMkV4T0dNeE0ySTVZems9#.
How do I know HarrierDoBois is working for them? Easy. Look at the image he linked on dumpli in his post. Notice the "a moment ago" text at the bottom? Standard for the forum software they're using means literally some seconds ago. HarrierDoBois was told to quickly screenshot it and in their rush to expose their stupidity they added another stupidity. Physically no way to have screenshotted it without waiting and refreshing every second on the forum. Now everyone knows who he works for. Since we're talking about this let me also add palecafe and deepweb as owned by Bazaar/Breakingbad and they have been pushed on Dread a couple of times. Be aware.
The jesters at circus Bazaar/BreakingBad Forum were quick to disable their javascript captcha shortly after reading my response https://torhoo.cc/go.php?u=TDNCdmMzUXZOalF4TmpaaFpERmhZMkV4T0dNeE0ySTVZems9#/#c-e08aad2504911956ae to their funny Rome delusions. Now their registration is broken and you can't hack their Laravel application. But you don't need to hack or bother with hacking them because they aren't on the level of the lowest tier markets which appear for a few weeks in https://torhoo.cc/go.php?u=TDJRdmJtVjNiV0Z5YTJWMGN3PT0=#. Let me explain.
When you enter their market what is the first thing we should check?
The source code. Immediately you see information is sent to
stat bazaar **
<script>
(function(){
  var loader = document.currentScript;
  var domain = window.location.hostname;
  // var statHost = 'stat.' + domain;
  // var statOrigin = window.location.protocol + '//' + statHost;
  var statOrigin = '*****stat.bazaar.**';
  var url = statOrigin + '/js/script.js';
  fetch(url)
    .then(function(response) {
      return response.blob();
    })
    .then(function(blob) {
      var blobUrl = URL.createObjectURL(blob);
      var s = document.createElement('script');
      s.defer = true;
      s.src = blobUrl;
      s.setAttribute('data-domain', domain);
      s.setAttribute('data-api', statOrigin + '/api/event?rid=*****-***-**-****-******');
      document.head.appendChild(s);
    })
    .catch(function(err) {
      console.error('Error loading stat script:', err);
    });
})();
</script>
or the onion equivalent
r2e7xc6s6fnmn5jblnmedwtrljzfzgwp34qw45bmri5ljl3kc********onion
var statHost = 'r2e7xc6s6fnmn5jblnmedwtrljzfzgwp34qw45bmri5ljl3kc********onion';
if (!isOnion) {
  statHost = 'stat.bazaar.**';
}
var statOrigin = window.location.protocol + '//' + statHost;
var url = statOrigin + '/js/script.js';
hosting their Plausible analytics platform. Because they don't have the skills to build their own one they have used a ready product. If you like tracking like Google and the rest of the Internet track you, you would say yeah the move to use another product for analytics is tasteless and shows lack of skill but what the hell, right?
But hold on for a ride. Not only the entry is tracked but every page you go and everything you do, all actions on the platform. If you're visiting their clearnet domain (full site on there, genius)
curl --include "r2e7xc6s6fnmn5jblnmedwtrljzfzgwp34qw45bmri5ljl3kc********onion/api/event?rid=%27"
HTTP/1.1 404 Not Found
Date: Thu, 29 May 2025 **:**:** GMT
Content-Type: text/html; charset=utf-8
Content-Length: ****
Connection: keep-alive
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: *******-********
x-robots-tag: noindex, nofollow
Server: awselb/2.0
A level of stupidity we haven't seen in the darknet yet.
Logging and tracking all of your user movements and requests and for extra easy steps for police to get the data, they are hosting it on AWS. If I didn't know they were this stupid I would say this market is a honeypot.
More smart moves? Yes please! Using Minio to store your pictures.
storage.bazaar.**/media/
and equivalent
storage.bazaarboom567hsuxjspmwurpl7lyx23p7r2byg22vwfhv5yu********onion/media/
I don't have any proof for this one here but given how technically inept they are, I wouldn't be surprised if the Minio bucket itself is hosted on AWS too.
Want to try Minio default creds (minioadmin:minioadmin) or other exploits? Be my guest.
Want to know how they make up their authentication cookie? No problem, decode the base64.
{"iv":"oVE09nuOgS45kRgYGZY33g==","value":"NTWPR3agRofCyJn/yju5vx26ew5cHF0UBzgu6hu4W4Zffcd0T1LZQ5b3ENEpcnZt","mac":"220f6b87e732ac927f18964c95f6ba8c091fd5cee9400bf4187c10704a09bf83","tag":""}
Bazaar offers more! Instead of PGP recommendation or PGP enforcement, Bazaar has fields for orders directly to put your address, name and other details. But don't worry and think of extortionists like Incognito admin who put everyone on the line, Bazaar promises to use SHA256 encryption on your notes and store them only for short period of time. Pinky promise.
I didn't personally bother to look at their website and infrastructure for more than an hour as the more I found the more I was in disbelief. The level of security and care for the users is minus, minus 100.
A post like this isn't good without an IP leak. Not to be within doxxing rules I'll tease a small part of it
77.110.10*.***
This is one of their IPs. Ubuntu server (yes unique TCP packets confirmed not only). Could it be the Ubuntu server where their analytics is hosted? I'll let the readers do their own homework/have fun.
curl --include "r2e7xc6s6fnmn5jblnmedwtrljzfzgwp34qw45bmri5ljl3kc********onion"
HTTP/1.1 403 Forbidden
Date: Thu, 29 May 2025 **:**:** GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Server: awselb/2.0
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.24.0 (Ubuntu)</center>
</body>
</html>
Vulnerable nginx, OpenSSH (remote) and so many other vulnerable services on that IP. How is Fastpanel fellas? Is it good or is it a difficulthorse hint hint?
Should we discuss other IPs and services you have from Aeza? I do hope you are paying them well because your stupidity will come out of their nose unfortunately.
Let's do a recap of Bazaar Market/BreakingBad fails.
1) Using Cloudflare and running directly full clearnet mirror. Let's send our data to Cloudflare without PGP... what a bunch of geniuses!
2) Requiring to solve javascript captcha for accessing the website.
3) Requiring javascript for main site functionality.
4) Tracking and logging every user request/event to analytics platform.
5) Tracking and logging every user request/event to analytics platform and sending it to AWS bucket.
6) Promoting server side encryption on the server (AES 256) instead of the age old market standard of PGP.
7) Exposing network IPs to clearnet.
8) Vulnerable services running on servers allowing further exploitation and identification of other servers within their hosting provider (Aeza).
They have no interest in keeping users safe at any level. That was most clear to me when I saw javascript everywhere. Bazaar team, learn your history, you aren't in ancient Rome. But these people think they are building Rome. The same people who think dead drops are innovation or putting everyone at risk with taxi service (get your drugs fast delivery, nice way for police to catch everyone). You should read their posts you will have a good laugh how beginners build empires.
Bazaar don't have vulnerabilities, they don't have DDoSable services? Laughs in the audience. In all honesty English markets also claim this is the last DDoS they will ever receive or have unphishable markets, both of which are bullshit and speak of a degree of lack of understanding/skill. However the security standard is much higher than what is displayed by Bazaar.
Now https://torhoo.cc/go.php?u=TDNVdlFtbG5RbTl6YzBOb1pXWlBaa0Z5WTJobGRIbHc=# can take this information and blast it over the Internet so when someone searches Bazaar Market they will be redirected to Monkeys with Delusion of Grandeur Running Servers.
The post should serve as a reminder: don't use Bazaar market if you value security and privacy and trust the superlist process of Dread created by https://torhoo.cc/go.php?u=TDNVdlNIVm5RblZ1ZEdWeQ==# and https://torhoo.cc/go.php?u=TDNVdlVHRnlhWE09#. It exists for a reason, to remove security risks to users who truly care about their security. It's all fun and games until people are facing 20 years in prison. Don't trust your life to ignorant admins.
However if you would like to use a market where PGP isn't recommended, you get your requests logged to Amazon buckets and your personal details saved by these morons, visit Bazaar Market they are definitely not Retaards.
Someone allegedly from the market team had responded /post/41586f78a2e32484e207/#c-f7ca3bf12f8662c2d0 claiming generic response. Notably according to them it isn't an AWS bucket and an awselb/2.0 header is their own application not AWS. They're so advanced they clone AWS to fool us but forget to alter or change the server headers everywhere else. Laughter in the audience for incompetence.
Shouldn't be giving them more attention at all, no credit for the Archetyp DDoS either as there is no proof it was them. They are too stupid to realize how stupid they are.
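The base64-decoded cookie quoted earlier in the post has the four-field envelope layout that Laravel's encrypter produces (iv, value, mac, tag). The Python below is an added example, not part of the original post or the site's code: it parses that envelope to show what the outer base64 layer does and does not reveal, and checks the MAC against a candidate key. The re-encoded cookie string and the all-zero key are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json

# JSON quoted in the post; re-encoded below to mimic the raw cookie (constructed).
POST_JSON = ('{"iv":"oVE09nuOgS45kRgYGZY33g==",'
             '"value":"NTWPR3agRofCyJn/yju5vx26ew5cHF0UBzgu6hu4W4Zffcd0T1LZQ5b3ENEpcnZt",'
             '"mac":"220f6b87e732ac927f18964c95f6ba8c091fd5cee9400bf4187c10704a09bf83",'
             '"tag":""}')
SAMPLE_COOKIE = base64.b64encode(POST_JSON.encode()).decode()


def inspect_envelope(cookie_b64):
    """Decode the outer base64/JSON layer and report only its structure."""
    env = json.loads(base64.b64decode(cookie_b64))
    iv = base64.b64decode(env["iv"])
    ciphertext = base64.b64decode(env["value"])
    aead = bool(env.get("tag"))  # a non-empty tag would indicate an AEAD mode
    return {
        "iv_bytes": len(iv),
        "ciphertext_bytes": len(ciphertext),
        "block_aligned": len(ciphertext) % 16 == 0,
        "mac_bytes": len(bytes.fromhex(env["mac"])) if env["mac"] else 0,
        "scheme": "AEAD (tag present)" if aead else "CBC + HMAC-SHA256",
    }


def mac_matches(cookie_b64, key):
    """True only if `key` is the key the server used for the HMAC.

    The MAC covers the base64 iv concatenated with the base64 value.
    """
    env = json.loads(base64.b64decode(cookie_b64))
    expected = hmac.new(key, (env["iv"] + env["value"]).encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, env["mac"])


if __name__ == "__main__":
    print(inspect_envelope(SAMPLE_COOKIE))
    # Constructed all-zero key: a guess, so the MAC check fails.
    print(mac_matches(SAMPLE_COOKIE, bytes(32)))
```

The decoded fields are a 16-byte IV, a 48-byte block-aligned ciphertext and a 32-byte MAC, so base64-decoding exposes the envelope format only; the session contents stay encrypted and tamper-evident without the application key.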