Verifying Onion URLs
Text taken from an updated version of the DNM Buyers Bible
Before we begin
Before we begin, it is important to understand why you should always take 10 seconds to verify your onions. In the past people have used sites such as DarkFail or Darknetlive as a trusted source. No source should ever be blindly trusted without manually verifying the onion yourself. Whether the source is a phishing site or a reliable one, you can lose your coins. In April 2021 both DarkFail and Darknetlive were hijacked by a phisher. All of the links were changed to phishing links, and many buyers lost thousands! It’s important to know that even with 2FA you CAN lose your coins! 2FA can help you, but many phishing sites have become a lot more advanced, and many look and function just like the normal market you are on. The only way you can be sure is by verifying the onion!
I’ve included the full account of what happened with DDF/DNL later in this chapter.
No matter where you get your onions, even a reliable source can run into issues. Always manually verify!
How to verify an onion address
Verifying onions is such an important thing, yet so many people don’t know how to do it properly. Always take the time to verify an onion, regardless of where you got it from. You never know when you have a typo or a simple error. Taking the 10 seconds to verify can save your coins from falling to a phisher.
DarkFail has a great tool to help you do it, but no one resource should be blindly trusted. You should always manually verify the onion address yourself!
Note: Before you can verify you are on the correct onion, make sure you understand how to verify a PGP signature.
Now that you know how to verify a signature, we can verify an onion address. First we need to get the market’s PGP key. Most markets put it on their subdread, but if not you can put /pgp.txt at the end of the mirror you want to verify. It should look like this: MarketOnionAddress.onion/pgp.txt
You’ll probably have to complete a captcha. Then you should see the market’s PGP key. Import the key like normal. (See above if you need help.)
Once you have it imported, put /mirrors.txt at the end of the onion you are on. It should look something like this: MarketOnionAddress.onion/mirrors.txt. You should see a page with some information like this on it:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Here are our onion links:
ar3a3uxsmdjvlv3o.onion
effma5umlll2bxmd.onion
xw7w4apecxzw4t7h.onion
- SomeDarknetMarket
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJYsU1SAAoJEMPzj/CHV15DkfgP/RcJw9EtFiv/+4LIV5rrgqcF
+FHEZiYb5jQhsqHrR7jS69rAwxzMD/rttQxMMw4cXBDh/dQaelwOVWbcy4DUwHaj
c3gFOzt/42VK40LcQlEs
=ON6z
-----END PGP SIGNATURE-----
Note: Some markets don’t use mirrors.txt. Check their subdread for what you should put at the end to verify.
If you see a message like the one above, you can now verify that the message is signed by the market PGP key you imported. It should come back with a good signature at the bottom, and at the top you will see a list of the current market mirrors. Make sure the address you are on matches one of the ones in the signed message. If it does, you are on an official market onion!
Once you do this a few times, it really only takes about 10 seconds to do. Always take the time to verify an onion, regardless of where you get it from.
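The check described above can be scripted. This is an added example, not part of the original guide: it reads the mirror list from gpg's verified output instead of from the page as displayed, requires a good signature from a fingerprint you pinned earlier from a separate source, and compares the address exactly. The function names and the three arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the guide. Arguments (all supplied by you):
#   $1 saved copy of the /mirrors.txt page   $2 address open in the browser
#   $3 full fingerprint (uppercase hex, no spaces) of the key you already trust

# True only for a good signature by the pinned key. GOODSIG is not emitted for
# expired or revoked keys; VALIDSIG carries the signing-key fingerprint first
# and the primary-key fingerprint last.
sig_by_pinned_key() {
    case "$2" in ''|*[!0-9A-F]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -q '^\[GNUPG:\] GOODSIG ' &&
    printf '%s\n' "$1" | grep -Eq "^\[GNUPG:\] VALIDSIG ($2( .*)?|.* $2)\$"
}

# Reduce each input line (URL or bare host) to a lowercase hostname.
host_of() {
    printf '%s\n' "$1" | tr -d '\r' | tr '[:upper:]' '[:lower:]' |
        sed -e 's#^[[:space:]]*##' -e 's#^[a-z]*://##' -e 's#[[:space:]/:].*$##'
}

# True only if the address is, character for character, one of the signed lines.
onion_listed() {
    want=$(host_of "$2")
    case "$want" in *.onion) ;; *) return 1 ;; esac
    host_of "$1" | grep -Fxq -- "$want"
}

verify_mirror() {
    body=$(mktemp) || return 2
    # On a clearsigned file, --decrypt writes only the text the signature covers,
    # so anything added to the page outside the signed block is ignored.
    status=$(gpg --batch --yes --status-fd 1 --output "$body" --decrypt "$1" 2>/dev/null)
    signed=$(cat "$body"); rm -f "$body"
    sig_by_pinned_key "$status" "$3" || { echo "FAIL: no good signature from pinned key"; return 1; }
    onion_listed "$signed" "$2" || { echo "FAIL: address is not in the signed list"; return 1; }
    echo "OK: $(host_of "$2") is in the signed list"
}

# Usage: sh verify_mirror.sh mirrors.txt ADDRESS FINGERPRINT
if [ "$#" -eq 3 ]; then verify_mirror "$@"; fi
```

A key fetched from /pgp.txt on the same address you are checking proves nothing by itself, which is why the script takes the fingerprint as an argument instead of trusting whatever key is in the keyring.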
Practice verifying
Let’s practice so you can see what it will look like when you verify an onion!
PGP key
First import the bible’s PGP key from the /pgp.txt page.
Your onion should look like this: http://biblemeowimkh3utujmhm6oh2oeb3ubjw2lpgeq3lahrfr2l6ev6zgyd.onion/mirrors.txt
Verify
Once you have the key imported, go to the /mirrors.txt page.
It should look like this: http://biblemeowimkh3utujmhm6oh2oeb3ubjw2lpgeq3lahrfr2l6ev6zgyd.onion/mirrors.txt
Verify the signature made on there. The top one will return good and look like this:
The bottom one will return bad and will look like this when you try to verify it:
Notice how the mirrors look similar to the official bible onion? This is what happens all the time, so compare the onion you are on and make sure it matches one in the good signature.
Some points are explained better in the vendor bible, like the Base of Operation. I would suggest you to have a good read of it, if you didn't already (you should have), to implement some practices in your own operations.
Feel free to mention me when you do post it.
rip.
It's not mandatory to follow each step like it's the Bible, you can always make shit your own, especially for the parts that you think can be improved.