🔗 DrugHub Market Mirrors & Verification

Official mirror links with PGP signature verification

🚨 CRITICAL SECURITY WARNING: Phishing sites are extremely common. ALWAYS verify PGP signatures before using any DrugHub link. Fake sites steal credentials and funds!

📝 Official Mirror List (PGP Signed)

🔐 Signature Verification: This message is signed with DrugHub's official PGP key
Fingerprint: 5707 BDBA D61B B085 38BC 0138 0377 F8AD 8EBC 3139 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

* If you have been assigned private mirrors, please bookmark
and use them, they should be always up.

* Permanent mirror (experimental, PoW enabled, you need a
recent Tor version):
http://drughub75eoe5pqwy4e5swpjpwz76vikb5t2qxzsslfr3s6kqok5lnad.onion

* Clearnet LDN:
https://drughub.in
-----BEGIN PGP SIGNATURE-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

wsBzBAEBCAAGBQJns1BbACEJEAN5+K2OvDE6FiEEVwe9utYbsIU4vAE4A3n4
rY68MToOcwgAk8y+CvJ6ucn6TigEgbhl8zx2zTJDFYu7FVEFZZmJTmLnX/6k
kUWdUBqrM7UlkyiadU8D0XqYzOheXiDywFAzLFzSWjqrM2spEPcI1tUyuZ6Q
8JArgQIDa9MEV4PFIfb6kY+jWFNNoGzJ0OB9PAIp3+zUO+9X/T1tz1ROj0nm
v5OgRzcg+2ebLY3a88Vwq+8/s0o9QDmvPi+z4udTEJeFo0BH9pvCCBX1yRxn
CEQhZwZjhwLPNrD0myFtWmSosOW4Keamk9qMCN4xpNKY9VqeVhY2YfYFjjAb
RI6UH6drtz+oGOsl9tiCSX5/lc5BQq+mG6B7Icj5+sFZeO2VCU8+0w==
=uinX
-----END PGP SIGNATURE-----

🔐 How to Verify PGP Signature

Step-by-step verification process:

Step 1: Get DrugHub's Public Key

Visit the About page and import DrugHub's official PGP public key:

gpg --import drughub_key.asc

Verify fingerprint matches:

5707 BDBA D61B B085 38BC 0138 0377 F8AD 8EBC 3139

Step 2: Save Signed Message

Copy the entire PGP signed message (from -----BEGIN PGP SIGNED MESSAGE----- to -----END PGP SIGNATURE-----) and save to a file:

nano mirrors.txt

Step 3: Verify Signature

Run GPG verification command:

gpg --verify mirrors.txt

Expected Output:

gpg: Signature made ...
gpg: Good signature from "drughubAdmin <drughub@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!

✅ "Good signature" = Link is authentic

❌ "BAD signature" = DO NOT USE LINK!

🌐 Mirror Types Explained

🧅 Permanent Mirror (PoW)

URL: drughub75eoe5pqwy...lnad.onion

Features:

  • Proof of Work (PoW) enabled
  • DDoS protection
  • Requires recent Tor version (0.4.6+)
  • May be slower on first connection

When to Use: Primary mirror is down, under attack, or censored

🌍 Clearnet LDN

URL: https://drughub.in

Features:

  • Link Delivery Network (LDN)
  • Accessible via clearnet
  • Provides updated .onion links
  • Never use for actual transactions!

When to Use: Finding latest working .onion mirrors

🔒 Private Mirrors

Assignment: Given to active users via PM

Features:

  • Exclusive access
  • Higher uptime
  • Less crowded
  • Personal assignment

When to Use: If you've been assigned one, use it as primary

🛡️ Security Best Practices

✅ ALWAYS DO

  • Verify PGP signature every time you get a new link
  • Use Tor Browser exclusively (never regular browsers)
  • Bookmark verified mirror after first successful access
  • Check Dread forum (/d/DrugHub) for latest updates
  • Enable HTTPS Everywhere in Tor Browser settings
  • Cross-reference links from multiple trusted sources
  • Save PGP key locally for offline verification

❌ NEVER DO

  • NEVER trust unverified links from Reddit, Telegram, email
  • NEVER use clearnet proxies (onion.to, onion.ws, etc.)
  • NEVER access without Tor (exposes real IP address)
  • NEVER use VPN-to-onion services (defeats Tor anonymity)
  • NEVER trust Google search results for .onion links
  • NEVER ignore signature warnings (BAD signature = phishing)
  • NEVER share links publicly on clearnet (aids censorship)

🎣 Common Phishing Tactics to Avoid

⚠️ Phishing Method #1: Fake Clearnet Mirrors

How it Works: Scammers create clearnet sites (drughub-market.com, drughub-official.net) that look identical to real site.

Protection: Never use clearnet sites for transactions. Only use verified .onion links accessed via Tor.

⚠️ Phishing Method #2: Similar-Looking .onion

How it Works: Phishing .onion with 1-2 character difference (drughub75eoe5pqwy vs drughub75e0e5pqwy - notice 0 vs o).

Protection: Verify full .onion address character-by-character. Use copy-paste, never type manually.

⚠️ Phishing Method #3: Fake PGP Signatures

How it Works: Phishing sites show fake PGP signatures that look real but don't verify with real key.

Protection: Always run gpg --verify yourself. Don't trust pre-verified claims.

⚠️ Phishing Method #4: Email/PM Links

How it Works: Scammers send emails or PMs claiming "new mirror" or "urgent update" with phishing link.

Protection: DrugHub staff NEVER PM unsolicited links. Always get links from official Dread subforum only.

🚨 EMERGENCY: I Used a Phishing Site!

If you entered credentials on unverified site, ACT IMMEDIATELY:

  1. 1. DO NOT PANIC - Quick action can limit damage
  2. 2. Generate NEW PGP key pair immediately (old one is compromised)
  3. 3. Access REAL DrugHub via verified .onion (check signature!)
  4. 4. Enable 2FA/TOTP if not already enabled
  5. 5. Withdraw ALL funds to new wallet address
  6. 6. Report to DrugHub support via internal ticketing system
  7. 7. Monitor account for unauthorized activity
  8. 8. Change passwords on any reused services (never reuse!)

⏱️ TIME IS CRITICAL: Phishing sites immediately attempt to access compromised accounts and steal funds. Act within minutes, not hours.

⚠️ Final Security Reminder

Phishing is the #1 cause of credential theft and fund loss on darknet markets. Taking 5 minutes to properly verify PGP signatures can save you thousands of dollars and protect your identity.

When in doubt, DON'T USE IT. Better to miss a day of trading than lose everything to phishing.