News Feed
  • DrugHub has agreed to fully refund all users who lost money in the SuperMarket exit scam.  
  • Retro Market has gone offline. Circumstances of the closure unknown.  
  • SuperMarket has closed following an exit scam by one of the admins.  
  • The admin of Incognito Market, Pharoah, has been arrested by the FBI several months after exit scamming.  
  • Silk RoadTorhoo mini logo
  • darknet markets list
  • Popular P2P exchange LocalMonero has announced it is closing.  

HELP: A phishing version of Empire Markets 'Verify PGP' Key Verifies : PGP | Torhoo darknet markets

Hi all,

I'm still new to the DN and am working with PGP. A link was posted yesterday to a phishing version of Empire Market. I went to the 'verify mirror' page expecting it to fail but the PGP verified for me? I don't understand how this happens.

The link to the PHISHING MIRROR is
sik7v4pjcyzleuqz3ypnrazzcakzf7go2jqm5xouoyy5xymqyzi4l6id.onion

and the signed PGP message they have is:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is a PGP signed proof of mirror, signed by the Empire Market server's PGP public key.

		sik7v4pjcyzleuqz3ypnrazzcakzf7go2jqm5xouoyy5xymqyzi4l6id.onion

		2020-17-05 12:55:11

		
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEnRcbLPGM3/4lRTjokWAm9W6rgx4FAl7AtaEACgkQkWAm9W6r
gx4psA/+LfIAkS6HcF4ADM4JYSTRQn4fNXtxmKoRk7bZnxkyhZ2TIjCDirFK7fd4
DX5s+2MXYa4iq8h7ULUW3tg1KchrpXo18g2BSC5AOvKis+ijCgkNkNGzm4EkOFyq
TekZ86m+qFleLYgdAwxXqMz0UT+rPR2CKtIcqngQJ8tPwZ9P1aRye4+AbhCHKdPc
lEYMPWluuJayeijSKhJ/WW9cxRkQVx6XI+uRvSaWxETyT7nsZIhpoL/vwiWkdTx+
xHs7JOTl7kDUl9eysSh+DaDviLbFlDZhv9HMP9bbwtZXJJkW4VNFi/BRka0wx2aU
ykmHZi5i8Rp+HyN6R7RuVff8jh05Sa+qRbo+A6icKnB1cK6S3BMJYYDzRujEw5O1
6n+1dhpH6e3KIr2p2GAa7UhVmIZ0tnZZIcdk6ktDopsy5T7+dWLk1ryAFS5MJsx6
7MNa1LTCK/wv+A90T313xAb3e4rDSejJXrxTAqsOJo+yJu3VkOgsMH/EeLVvXWiH
YggYq1t4rZ7VJ6qB/6YnD+oan1LMOu+TdJHb5hi9gnpBiVqjQOpTFvqsr70S5ifU
IkemztbqHWUWrT0TPyl2nI6C8uqG5z6bNMH7Y4FJAxLwj+2Ckl461YsB/+wh4OET
iHC4Gu9aapO8zsTtu7pC1YDMG4e7n3G/+ZLWIVBGLs7TWDOJyPQ=
=YGJh
-----END PGP SIGNATURE-----
and the official PGP I have for empire market is 
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFoTKj4BEADF8SRTYfFg17I5cYMbIGYBg2nLb8kCOL47vE6k38yUme0Lp42f
FKyoaSCaERFAjFwRKFpS1pRFZRDCFzC4dNGhSGusHpUcdw2WOE2wt+cKcuMjW1JU
asB6jOBw5UsKuHCMcPe6zur/rWvW80ZoijXHABsoiLjagmDRqNxLCGf06vrEfViD
uJchyusaM5WBzcDASBUPc65m0MecaB479kinxYjQWf0btadnuJVhHsv8hRosuC3z
FsHfDEsCB1A6nr0ivHa8gECEI/5mAYdB7fVWin6sig1aganAJmmqqbaveT/s7LvQ
JqQ2HAHLvUkqndQSPtuDboB+8FY2XDLPy+V7zP7McQJVHeUyiycVhsrZJnclZh/Y
/NAF9IcfiOcDYYoHntrU0inWjw6u+72UTtxMLZ4zIYxYVFiijyR855XmEfLz007E
Sk0h4FHojoJCl7wQVuSmxHXB/gLsGb+znDd/z4NMWFUJOVdKtdW76fINvkq4c5lE
7ql8Cq1HkhYaUBvqovBrKvIII+cyFlu87WLGpCm0nQFNi+M5nuZ8U3sH2NJ4Nr9h
Bt4TdW/Qou9FmLFoWiqCXiUvlFMqhxBckaJtxqRV0KV/X7jVfaQpJCcWgJf2jhCy
6HR+8lB8uj9hCykpfLOTlZ61ETSjVJC5t6vHyEQDO/+r4LXhF9Io/ybqrQARAQAB
tCRFbXBpcmVNYXJrZXQgPGVtcGlyZW1hcmtldEBub25lLmNvbT6JAjkEEwECACMF
AloTKj4CGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCRYCb1bquDHnba
EADDNlgnN1wSBgXXiD4Ju8z9ddab9lBdkspWSxdTUbqnN+uGNZhTgaIMosv6d11X
osqPBiDmaa9+afigf8KsqmqC6f3JzqaLkRug2JaEcHCH/hGBes36skxCF7zxk/Ju
Mmnu/I1mwt4fP/4ebdG2ygWU+MEVFhiy8GYGUQ7X2KOJcDQGP+8Sp4Zl6U/TL/9f
wg+ThXisiHEpOTDAbPDmf6ZJQO0Dl5tQMogpn156+xwlCon3Fhr0ycwkix2EJCzz
sHJaugCdVP8ssUobwsPB4QpEkubsOcfOKig2bxnM4CMYzMfSn7eXVvOM4qg3CGR5
kxha8LVC1ib/O7XJbvKbwxwjrO0/+PWeoLNwgYV40SJeI4jm/xi6hWqPGMObn/xx
+M13WUQA5LwfhUpmbLbplm8rt38BAld++tFTdNneQIPM74LXNUUuEWiKJPcAnx0L
GjWCMwsOOe/2D9178L5BXsLh0Ext9xNU3krp7VeHRtOFlRDOdg6YZbZ3nonLswLG
V9xrcMAYmEKwWNaLZAr/tPq6k8glo9rCfCCN50kG9h77kZi5zdUgHtxZFHUKs/Vs
0HhrdqXK6qGjQ/AijhA0IgPuWbCy9bUtU5iaUeA6z51+vxbda0bMmQwO1dv0JUXI
TeTDcleRszfXwsuiCwviiUloKKa27JuBChQ3vy6iVwBUB7kCDQRaEyo+ARAAsyNM
mlYo8a1qI8qOF2LEq8NoGTHBe8u1N4Q1rlOfIw6mEUgDD9G+QAUPPVcpwjTDdTC0
zzoRkpUbqOMpNJqpCA1xTUJBnuBdyRtq/vEyuVSxc8niji9sbkxj2psn5tu//dfy
2MxNbFP1JnBRQ5dEIj6d5kcZt0+EhwXqmKvKPPhMeVEz4E4fDOZeMqrbmcY4iiTT
qFdN8aJ3E+tJ6pS6HUWwgMOwcQhCzah5q6eMaqtZA7PnuIpeudeVok0i5pvyfDmJ
sB4nqeeJFyzgNsGy5GkN4vI2zX7luYrxzrDIkmTIwCFmPk9PQHiAY0I+OqeUoPiL
HUizvschbKV3TqSYNwlyi5GTymysCKbHvyqGdNgRJxAzV6htDymEBkB5egj98DhM
UxCP9P1lhjEkf6GSJK0Y6cppL1NkjD2VG/BT++SqznQCbey1kuZ1UGFaDOpN1vQv
F5zSG2t7WLmoZU3k7X3ljpZpSBD2EFcac/wQ+6uE9UMiFU1y9AImC/AqC3oIWE8S
gPmG7FULN2pjfQ7wPNqovChtxB3lAqzzzFTX+7UDMiGf8oakxkvwIjQkUL5zEOXn
rTvKLaSy4ehxpcyLvU5GXgMyWMaugp04ff3UeJ680eM+P/zJAt81hggOJNqqMVm5
aiEuY1yBV9TcZF8qRNwX53UtjGg6YQ0wRgqAp2kAEQEAAYkCHwQYAQIACQUCWhMq
PgIbDAAKCRCRYCb1bquDHrKOEACtjY0GUx3wkoDXqLKErhsIwou1MBtQgSZnkrU0
2MLrRgOa2zABIsFSSLRVJez4oNEYpq6s3dt7zZTBR4Xuc1MGQHbfW5LRnwi+oD+X
MqKLYwLPVUlxLdFvF5sl6I+LKRhQTm3CZ56RC2XEyhsBBDSFG6eJGkiV1WHqBBDW
OI6M/hCs05bpyCpMixXzagGv97j7JITNZdS8NbiYU44jbqdTSa6sDvQ/gnPAB9p0
JAZCDmN0uLZ6zr2S7ovDl7O+1YUj8oKNkcnynlzl4CmQ539Js5SzdGaQ98fPIDgU
zDfP6m77+MlmgzDkOxsWfzK87Rw2AsWQTZILc7pZvLoTFHsMsp4nKUOTWj5Aj2PA
zngdH5wkYBTAb3aaVxfdw3HoJ6eKmAnK7fdmP9XBVCZFlJCppw9lc6Jh6/SPcNbr
33rkvO88YTCq5nCwYEGlZ90PwHGGJqzNBW/v+MJf89eithynE74QRReVNuJDwmdd
qg0/+/nuFsfglbRHCAMGpFnYART42aHILnJAd86+9t6m9q3f3fUqR7e93Zl7R8I9
Ol3Mtrgn8/IyiqUvFxHM91BdWMkWRv4jirytBe8+JC49GNEf0hMuBw3IqukiQpC9
2J0mCuRoJwqtH10lk226lRN7RVwTJFnZHXotewzMmmkEc+M8EHofjLLAw9p2VA8C
Y+2Rlg==
=eO6H
-----END PGP PUBLIC KEY BLOCK-----


Any reason why this is verifying for me?
/u/OnionUrl OnionUrl.org Owner
1 points
5 years ago*
The mirror is a legitimate empire mirror.

GOOD signature by Empire Market (EmpireMarket)

Signed 2020-05-17 03:55:13 +0000 UTC by key ID 916026F56EAB831E

Signing Key: EmpireMarket <empiremarket@none.com>

Fingerprint: 9D17 1B2C F18C DFFE 2545 38E8 9160 26F5 6EAB 831E
Key ID: 916026F56EAB831E
Created: 2017-11-20 19:17:18 +0000 UTC
Bits: 4096
/u/PrincePhilipsBottomBitch 📢
1 points
5 years ago
My mistake. I got the link from this post /post/4165d34e517ea5a5c81a and people there were saying it was a phishing link. So I thoroughly thought I was missing something with PGP. Thanks!
/u/odinseyepatch
2 points
5 years ago*
It's not a phishing link, that's why it verifies.
It's also listed on dark.fail onion if you need more proof.

If a link verifies it's legit.
/u/PrincePhilipsBottomBitch 📢
1 points
5 years ago
Ooo, my mistake. I got the link from this post /post/4165d34e517ea5a5c81a and people there were saying it was a phishing link. So I thoroughly thought I was missing something with PGP. Thanks!
/u/heIixman21
0 points
5 years ago
[removed]
/u/PrincePhilipsBottomBitch 📢
1 points
5 years ago
How about fuck off?
/u/heIixman21
1 points
5 years ago
[removed]
/u/PrincePhilipsBottomBitch 📢
1 points
5 years ago
I'm sure your mom will kill me with her fat vag flaps.

Why the fuck would a market allow their PGP private key to be used for phishing? That would fuck their rep wouldn't it?

I'm not doing anything wrong in the process of verifying it against that pub key I posted? There isn't a way they could spoof the fingerprint and make it work?
/u/heIixman21
1 points
5 years ago
[removed]
/u/PrincePhilipsBottomBitch 📢
1 points
5 years ago
Good explanation for me, is white house worth a fuck?
  • Sponsors
VigorSwap Instant Crypto Exchange
FraudGPT

  • Explore Torhoo!

© Torhoo! 2025

All links are for educational and research purposes only. Torhoo! does not vouch for any site.

Advertise on Torhoo