And also the timelines are pretty condensed... a lot is off... this does not seem genuine.. seems more like scanning csam page themselves and then going for reporting for some other hidden nefarious reason.

My thoughts exactly - in which case archive.is might have the IP address(es) of the perpetrators in their logs. Worth checking out.