These are the most suspicious Archetyp facts : CafeDread | Torhoo darknet markets

The DNS changes could be adding a new CDN. There are a couple providers whom use Amazon and other accounts to offer (rotating) CDN without the need to rely on Cloudlare, DDoS Guard or techniques like fast flux. Would've been more suspicious if all 3 domains pointed to the exact same name servers but they don't.

Credit to /u/Edition7802 for pointing this out quickly.

archetyp cc - clientTransferProhibited, serverUpdateProhibited, serverDeleteProhibited, serverTransferProhibited,
archetyp love - clientTransferProhibited, serverUpdateProhibited, clientDeleteProhibited, clientRenewProhibited, clientUpdateProhibited, clientHold
whowasteam love - clientTransferProhibited, serverUpdateProhibited

Archetyp domains EEP status codes indicating legal issue pay attention the server ones especially.

Some of the facts can be lack of time to prepare a nice maintenance page or in a hurry to write it in code tags. When you are doing massive maintenance there isn't large upside to serve it through onionbalance either unless you have prepared temporary frontends only to keep up the message. I don't find it unreasonable to assume the factor of time to these actions given the pressure towards the market.

The biggest take away for me personally would be using different kind of apostrophe and the EEP status code changes. Definitely indicates a new machine whom can be opsec rotation but weird timing overall.

All the LE bots are on here down-voting furiously.
We were not supposed to know this early.
You spoiled their surprise birthday present for Dear Leader Trump's birthday parade.
Expect rapid deportation gestapo to descend on your location in the next 24 hours.

I've seen enough. Arch is in LE control. The only questions left are How Long Have They Been in Control?
Side question-- When do they announce the seizure?

We need to start seizing their shit and see how they like it. This one-sided war is ridiculous.

/u/HugBunter can we do pitchfork stuff yet or still no?

If it turns out to be what I hope it isn't, i'm done with DNMs and drugs in general.

I hope the DNS changes to AWS are just to troll /u/whoisteam but things are looking worse and worse the more time goes on. Hoping for the best, but if it does turn out to be LE I'm just glad that it wasn't an exit scam.

Fuck the feds and fuck whoisteam

I want to point out his headers

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Jun 2025 02:11:37 GMT
Content-Type: text/html
Content-Length: 1622
Last-Modified: Thu, 05 Jun 2025 17:29:16 GMT
Connection: keep-alive
ETag: "6841d3ec-656"
Accept-Ranges: bytes

BigBoss was always very protective of his headers, he disable etag and server name always to not leak information. Very weird he would put this up so naked and little configured.

100% seized.

Well Fuck me, Tommy....you certainly showed him who's got the mineralz. Boss, Pygmalion, Desudo, and their headerz... Ze Germans are here

Damn. Good observation! Still let's hope not.

Last message from YGW before shutting down was to source developers /post/3ba2181f43f193d39d19. On terms that I would describe as... generous. "Take the money and do something". Explicitly asking for PGP. The kind of proposal any seasoned expert would consider. I wouldn't mind much if it wasn't for the downtime. But this could also be an honeypot. Just think about the number of responses bragging about having done this or that. Ever so easy information gathering.
Not FUD only sharing a thought. Given the impressive track record of Archetyp, I'm sure I'm mistaken. I'd advise anybody having responded to the job offer to take extra precautions until things get back to normal though.

SMH... he should have listened to me and went fast flux dns.

Fact 1: I go by what he said a week ago as to why the DNS servers were changed, they were probably taken again:
> archetyp.cc still legit?
Yes, we got it back, why I do not post about it, because it's a waste of time if it's back for 2 days just to get suspended again in a never ending cycle of cyber bullies writing e-mails and the Public Domain Registry changing their decision like a flag in the wind. ITS BAD ITS SUSPENDED, anyways here you can have it back, BUT ITS BAD ITS SUSPENDED, anyways here you can have it back.
/u/CodeIsLaw gave me a nice idea, and that's why the domain now just redirects to other domains, so the hope is that archetyp.cc will not be suspended but instead the domain it redirects to, right now: whowasteam.love (yes, I do partake in a fair bit of tomfoolery)
Buying a domain for 5 years costs us 50€ so we can afford a new domain for a long time without breaking the bank.

FACT 2: People make a lot of claims and try to push FUD, it happens all the time. I would take it with a grain of salt (again no sources as you said)

FACT 3: I can only assume peope like HugBunter have another way to reach out to him, and they told him to post something. He probably did it in a hurry and is working on this shit. As someone who also does IT, when systems go down, you hyperfocus on the problem. You don't have time to talk to others and give them details. You work your ass off.

FACT 4: Could be an old maintenance page from way back in the early days that was never updated because with whatever happened, he never had to use it until now.

FACT 5: This is because the system is down

My question was removed on d/archetyp so I post this here for /u/hugbunter to answer

When I look up archetyp links on daunt, only the main link (4pt..) and the 2 bottom ones (pmr..., fcc...) load. I have been unable to get the captcha on those pmr and fcc links, they seem to only offer the maintenance one. What do you think of this?

By the way is a single onionbalance instance responsible for a single onion link so all the public archetyp links have a different onionbalance front?

Fact 3 is quite convincing and I did verify this to be true. That would be something someone would overlook that was pretending to be them.

This should be pinned

To be honest, it's not looking great. I have this feeling arch is gone for good.
I hope not, but it's sure seeming that way.

BASED SCHIZO THEY ARE COMING FOR YOUR CHILDREN

[removed]

Too interesting, to be true

The domain names have been taken control of. It’s not currently known by whom. Status codes indicating restrictions on client transfer, server deletion, server transfer, server updates, and client renewal confirm this. The new IP addresses associated with Amazon suggest a location in Virginia, which is significant. Furthermore, the administrator of Archetyp is confirmed to be German based on publicly available information about their past work.

/u/MrBacon420 /u/anonymous2anon /u/Phobos36

this is the the EEP statues codes for all the clearnet domains. serverTransferProhibited means Registrar has prohibited transfer — often seen during investigations or seizures. serverDeleteProhibited means Cannot be deleted by anyone — protects the domain from deletion. clientRenewProhibited means Registrar prohibits renewal by client — uncommon unless under investigation. they also redacted EVERYTHING. so its definitely LE bro, were now just waiting on the seizure notice at this point






Domain Name: archetyp.love
Registry Domain ID: DO_f7af14350764492eaa0c2ef27be9cb0b-LOVE
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2025-06-12T16:05:42.183Z
Creation Date: 2025-05-05T20:41:28.060Z
Registry Expiry Date: 2028-05-05T20:41:28.060Z
Registrar: PDR Ltd.
Registrar IANA ID: 303
Registrar Abuse Contact Email: domain.manager@publicdomainregistry.com
Registrar Abuse Contact Phone: +971.72046060
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Not Applicable
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Iowa
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Fax: REDACTED FOR PRIVACY
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: ns-612.awsdns-12.net
Name Server: ns-1756.awsdns-27.co.uk
Name Server: ns-1232.awsdns-26.org
Name Server: ns-467.awsdns-58.com
DNSSEC: unsigned


Domain Name: whowasteam.love
Registry Domain ID: DO_a00b92d8e7949d6519bee135cfaea785-LOVE
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2025-06-12T16:05:42.135Z
Creation Date: 2025-05-21T20:44:56.565Z
Registry Expiry Date: 2031-05-21T20:44:56.565Z
Registrar: PDR Ltd.
Registrar IANA ID: 303
Registrar Abuse Contact Email: domain.manager@publicdomainregistry.com
Registrar Abuse Contact Phone: +971.72046060
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy Protect, LLC (PrivacyProtect.org)
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: MA
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Phone: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Fax: REDACTED FOR PRIVACY
Billing Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: ns-1672.awsdns-17.co.uk
Name Server: ns-1153.awsdns-16.org
Name Server: ns-84.awsdns-10.com
Name Server: ns-990.awsdns-59.net
DNSSEC: unsigned


omain Name: ARCHETYP.CC
Registry Domain ID: 169021248_DOMAIN_CC-VRSN
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar URL: http://www.publicdomainregistry.com
Updated Date: 2025-06-11T21:50:10Z
Creation Date: 2022-01-02T05:10:28Z
Registry Expiry Date: 2028-01-02T05:10:28Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1.2013775952
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS-115.AWSDNS-14.COM
Name Server: NS-1499.AWSDNS-59.ORG
Name Server: NS-1956.AWSDNS-52.CO.UK
Name Server: NS-895.AWSDNS-47.NET
DNSSEC: unsigned

/u/Yugong /u/MrBacon420 /u/anonymous2anon


PLEASEEE go read that, i know he pointed out the EEP codes, but he doesnt recognize the name ASNT????!!!!
very fishy.....


/post/5a0cbf7cb6e4e6cd917d/#c-415256a098c88bde27

Big boss used a different type of 'dash' in the title of his post, (U+2013) instead of (U+002D) he used on all his other posts


Archetyp Market – What’s going on?
Archetyp Market - Frequently asked questions on Dread
Archetyp Market - Update on the....
Archetyp Market - How to access the market?


This is very similar to fact 6, Boss never used "–" until his most recent post.

/u/HugBunter its time to call it

Check this too.

/post/dec29b79e15b1afd067a

Where were you at when you read the most important thread in Dread history?

2 4 5 source?

Comrades time to clean house everything points to police action

Hey everyone who believes #6 is "the most damning one"

I'm writing this post to address a common misconception that's been floating around our community. It seems like some of you stupid fuckers are under the impression that using a different dash (e.g., em dash, en dash) automatically means a user is compromised. Let me tell you, retard, that's not always the case.

While it's true that inconsistent dash usage can be an indicator of potential compromise, it's not a smoking gun. There are plenty of other explanations for why someone might use a different dash. For instance, they might be using a different language model (LLM) or text processing tool that defaults to a specific type of dash.

In fact, some of you might be smart enough (I doubt it, but I'll give you the benefit of the doubt) to be laundering your text through an LLM before posting. If that's the case, it's possible that the LLM is introducing a different dash style, which could be misinterpreted as a sign of compromise.

This is not looking good. All of the signs are pointing to it being over. I really hope that isn't the case but that's what my intuition tells me. It's been a good ride everybody. Let's hope that we're all just being paranoid.

oh fuck.. this doesnt look good. shit

Just a thought, and one that's probably wrong, but might the reason LE wants to give the impression that it is maintenance and not a seizure have to do with the automated payouts?

I know not all vendors have received anything, but some apparently have; small amounts?

Is their intention to send small specific amounts at specific times to specific vendors in an attempt to track movement of the money?

Yes they may have vendors xmr address, but would vendors touch xmr that came from the feds?

[removed by moderators]

Noooooo :(

Okay, I am going to ride in this quote and add something tiny:

This is common for Germans to do and is technically wrong from a typographical standpoint. I only know it because of my job. Germans tend to do it because it´s easier to type on german keyboards and because they don´t know there is a difference usuall

I went to the maintainance page the first time I saw HugBunters post, saw the html and saw the image is called "triangel" and I was really confused as to why it would be called that, apparently germans and scandinavians use that word for "triangle" and thought, weird that BBA would blatantly use a specific word from a language instead of the generic english.

good facts

End of an era.

I think ReTORd is a better name for the LE operation.

This post is well put incidentally

I can't wait to see what happens to Archetyp.

:^D

RIP

I TRUELY BELIEVE HOW MUCH BIG BOSS LOVED US AND HOW MUCH HE LOVES ARCHETYP AND HOW I GET A SENSE FROM HIM BEING SUCH A LEDGEND AND REAL PERSON, I JUST THINK HE WOULD HAVE GIVEN US MORE THEN WHAT HE HAS RIGHT NOW, I DONT THINK ITS ENOUGH INFORMATION, KNOWING THAT HE LOVES HIS JOB AND LIVED FOR ARCHETYP WITH HIS OPEN LETTERS TO GOVENMENT ETC

I AM NOW STARTING TO LOOSE FAITH

IF I PUT MY FOOT IN HIS SHOES, THERES NO WAY I ONLY JUST GAVE THE LITTLE UPDATE HE DID WITH NOTHING ELES. NO MORE UPDATES OTHER THEN WHAT HE PUT, I KNOW HE WOULD HAVE GIVEN US MORE DETAILS IM SURE OFF IT

MY GUT TELLS ME ITS OVER, I PREY IT ISNT AND I PREY HE REALLY IS BEHIND THE SCENES FIXING THE ISSUES, I JUST DONT SEE THE PATTERN ANYMORE OF HIS NORMAL SPECTACULAR WORK COMBATING ANY PROBLEMS THAT AROSE OVER THE LAST 5 YEARS. 3 DAYS IS LIKE A LIFE TIME IN OUR BUSINESS

Sheiiit all this doesn't look good at all.
Just logging it and catching up with this shitstorm...

The servers could have been seized by a non-LEO actor, who is trying to make it look like an LEO seizure for some reason? Just trying to present an alternative theory.

They are always the facts that they are fighting like hell and are dropping common codes they are moving so fast. Hell they may actually be codes to each other to help them move fast, Wishful thinking maybe but who knows?

If LE has control over the domains, wouldn't it make sense to take everything down, spin up a new cold server somewhere and put a temporary page up while he works on fixing things offline or deploying a new infrastructure or at least just take everything down to give him time to assess what's going on? A cold maintenance page doesn't need to sit in front of the service, you would want to avoid that and why would you need to protect it if it's not connected to anything?

All this proves is what we already know, that the actual services are offline and the domains have been siezed. Fact 6 although a valid point is still just speculation at this point. There probably was a breach I don't doubt that but right now nothing is proven. Taking down services to protect his and everyones data/identities would be the #1 priority. Yes everyone's money is tied up and a lot of people rely on sites like this for medical reasons but he needs to tread carefully. Not just to avoid getting caught but also to preserve the integrity of the service and ensure it comes back smoothly, IF it does come back at all.

For someone to have access to and use your pgp key, they would need to trace everything back to a personal machine, physically find it, get past disk encryption and even then, you would have to comply and give it up since I'm sure it would be secured properly on the machine or external device. Several layers of encryption to go through if you can even find the device it's on and even then, how would you know it's on there?

I think for someone with enough experience to run such a strong market like this for so long, it's not going to be that easy and straightforward for LE or attackers to gain full control over everything.

For now, all we can do is be patient and hope for the best.

Let me add.

1. First, People got warned

/post/6b399e01c650e59e9f01

2. fact
On the 12th of June there was a big Internet issue worldwide, starting 1-4pm (check on X, historical data)
Caused by a google IAM missconfiguration, it caused a snowball effect
Downdetector: Google had spikes, Google Cloud, Cloudflare, with AWS the biggest.

3. Germania Forum is down out of nowhere. Without any prewarning.

Wanted to mention this, from /u/UKDistribution

"Hey,
I got a lot of messages, I’m not going to answer everyone. "

??? You have dread messages turned off? have done for a long time so where do you have a lot of messages?

🤔

Very good observation that should be added to this thread IMO

You won bro. Excellent write up. Sloppy job DEA, lol. You fucked up you clowns.

Alleged fact 2, 4 and 5 sources pls.

People gotta stop hitting on that copium and seething in speculation. Just use another market, 99% of vendors on arch are available on different markets. This should only concern anyone who has currently any funds held in Arch market.

/u/anonymous2anon you have no credibility
account created a day ago