pgp-verified · updated 21 apr 2026

Drughub verified urls

Every drughub market link on this page was confirmed against a PGP-signed announcement from the Drughub team within the last forty-eight hours. No affiliate redirects. No unverified scraped addresses. You get the real onion address, the current mirror, and the exact timestamp of the last check.

Phishing sites use drughub's interface as a template. The copies look identical. The only reliable difference is the onion address itself — and the only reliable source for the correct address is a PGP-signed announcement. That is all this page does.

2 verified links

48h check cycle

99.1% primary uptime

Access manual

Drughub marketplace interface screenshot showing the Monero-only darknet market homepage

The Drughub marketplace front page as it appears in Tor Browser. The PGP fingerprint in the lower-right footer is the primary authenticity check — compare it against the team's long-lived signing key before entering any credentials.

current addresses

All drughub onion links — April 2026

Two addresses currently active. Both route to the same underlying marketplace. Use whichever loads first on your Tor circuit. The primary absorbs normal traffic; the mirror exists for DDoS events. Bookmark both. See the getting started manual if you are new to Tor.

primary online · verified 21 apr 2026

Loading…

How to use

Uptime (30 days): 99.1%

Last checked: 21 Apr 2026

PGP source: Dread announcement

Response time: ~9 sec (Tor)

mirror · 01 online · verified 21 apr 2026

Loading…

How to use

Uptime (30 days): 97.4%

Last checked: 21 Apr 2026

PGP source: Dread announcement

Response time: ~12 sec (Tor)

mirror · 02 on standby · awaiting PGP confirmation

— reserved — under review

A candidate address is under review. It will appear here only after passing all three verification steps. No timeline given — correctness, not speed.

mirror · 03 on standby · awaiting rotation

— reserved — awaiting announcement

Reserved for the next rotation cycle. The Drughub team has indicated a third mirror is planned for the Q2 2026 period. No announcement has been made yet.

Phishing sites copy this directory's layout exactly. Always verify the onion address character by character before logging in. The last six characters are a cryptographic checksum — one wrong letter routes you to a different server. If the PGP fingerprint in the footer of the page you load does not match the one in the latest Dread announcement, close the tab.

Mirror uptime — last 30 days

All figures based on automated Tor-circuit checks every 4 hours. "Standby" entries excluded from uptime calculation.

Address (truncated)	Role	Status	30-day uptime	Last verified
`drughub75…ad.onion`	primary	● online	99.1%	21 Apr 2026
`rughubrwg…id.onion`	mirror 01	● online	97.4%	21 Apr 2026
`— reserved —`	mirror 02	standby	pending	awaiting PGP
`— reserved —`	mirror 03	standby	pending	awaiting rotation

Short interruptions — under thirty minutes — happen on any Tor-hosted service. Tor circuits route through three relays globally and are sensitive to relay churn. If a drughub onion link shows as temporarily inaccessible, it does not mean the address has changed. Try the other mirror, then return here after fifteen minutes. Sustained downtime of two hours or more usually signals a DDoS event or a planned rotation. In that case, check back here — new addresses appear within the same cycle that confirms the rotation.

how to stay safe

Verifying a drughub link yourself

You do not need to trust this directory. Every step below produces an independently verifiable result using only public tools. The verification chain is external to this portal by design.

Find the PGP-signed announcement on Dread

Open Tor Browser and navigate to the Drughub subforum on Dread. Look for the most recent mirror announcement pinned by the market admins. Every legitimate drughub url update comes with a PGP signature block attached to the post. Unsigned announcements should be treated as unverified regardless of how official they appear.

Copy the full PGP-signed message including the signature block. You will need it in step two.
Verify the signature with GnuPG

Install GnuPG if you have not already. Import the Drughub team's public key — the fingerprint is published on their Dread profile and has not changed since August 2023. Then verify the announcement you copied:
```
# Import the Drughub team's PGP key
gpg --import drughub-team-pubkey.asc

# Verify the signed announcement
gpg --verify drughub-announcement.txt.asc drughub-announcement.txt

# Expected: "Good signature from Drughub Team"
# Key fingerprint: compare against the one on their Dread profile
```
If the verification returns anything other than a good signature, do not use the addresses in that announcement. A bad signature means the message was modified after signing, or was never signed by the real key.
Load the address in Tor Browser and check the footer

Paste the verified onion address into Tor Browser. Once the Drughub marketplace loads, scroll to the page footer. Every legitimate drughub deployment includes a short PGP fingerprint in the footer matching the team's signing key. If that fingerprint is absent, different, or illegible, do not proceed.

This step catches phishing servers that replicated the Drughub interface. A phishing server cannot produce the correct footer fingerprint without the team's private key. It is the most reliable single anti-phishing check available.
Compare first and last six characters of the address

After pasting the address into Tor Browser's URL bar, visually compare the first six and last six characters of what you pasted against what appears in the address bar. Phishing operators build vanity addresses that match the first several characters of the real address. The last six characters are a cryptographic checksum derived from the server's key — they are what you are really checking. A match on the first characters only is not sufficient. Both ends must match exactly.

GnuPG terminal showing a valid PGP signature verification for a Drughub announcement

GnuPG signature verification of a Drughub team announcement. "Good signature" with matching fingerprint means the address in the announcement is authentic.

"One wrong character sends a Monero payment to a server that is not drughub. The check takes ninety seconds. The mistake is irreversible."
— From the Drughub access manual

drughub mirror links

Why Drughub runs multiple onion addresses

Three reasons the same drughub market operates under multiple onion addresses simultaneously. Understanding them helps you use mirrors correctly, not as a fallback of last resort.

DDoS resilience

Darknet marketplaces are constant targets for distributed denial-of-service attacks — from competitors, extortion rings, and researchers probing infrastructure. When a primary drughub link is saturated, traffic routes to a mirror on a separate server with a fresh Tor circuit pool. The marketplace stays reachable. The same attack hits one address, not both simultaneously. Bookmarking the mirror is insurance, not paranoia.

Planned server migration

Drughub migrated servers in 2024 as part of post-acquisition infrastructure consolidation after absorbing SuperMarket. Mirror addresses allow a zero-downtime transition — the new server goes live as a mirror first, traffic gradually shifts, and the old address is deprecated after the migration confirms stable. Users who bookmarked the old drughub link see a redirect notice pointing to the new primary. The portal history page covers the 2024 migration in detail.

Operational security rotation

Rotating onion addresses periodically is standard darknet operational security. A long-lived address accumulates more targeting data — traffic analysis attempts, relay correlation attacks, infrastructure fingerprinting. Periodic rotation resets this. The Drughub team announces each rotation on Dread with a PGP signature, giving users a verified path to the new drughub market url without relying on clearnet search results. The rotation cadence is irregular by design — predictable rotation schedules are exploitable.

Drughub interface showing the mirror navigation and address display in Tor Browser — The Drughub marketplace interface as seen in Tor Browser. Notice the absence of JavaScript-dependent elements — the market renders fully with JS disabled, which is the recommended Tor Browser security setting.

source comparison

Where to get a drughub link — and where not to

Not all sources for drughub onion links are equal. The table below covers the four most common types. The differences in PGP verification and update frequency are not minor — they determine whether you land on the real market or a phishing clone.

Source type	PGP verified	Update frequency	Affiliate/redirect	Phishing risk
drughubportal.live	Every 48 hours	Each verification cycle	None	Screened
Dread forum thread (official)	PGP-signed by team	On rotation only	None	Low (with key check)
Ad-supported link directories	Rarely	Irregular, often stale	Common	High
Clearnet search results	Never	Not applicable	Common	Very high

The official Dread thread is the primary source — this directory monitors it and republishes verified addresses with timestamps. Using this directory is not a shortcut around Dread; it is a pre-checked snapshot of Dread's verified output, with the three-step verification already completed for you.

Drughub primary vs. mirror — what differs

Property	Primary link	Mirror link
Onion address	drughub75…ad.onion	rughubrwg…id.onion
Marketplace content	Identical	Identical
Account access	Same account on both	Same account on both
Order visibility	Full order history	Full order history
Response time	~9 sec (Tor avg)	~12 sec (Tor avg)
DDoS priority	Primary target	Secondary (lower traffic)

before you connect

Security practices for using drughub links

Getting the correct drughub market link is necessary. Using it safely is a separate step. These nine practices cover the technical baseline. None of them require advanced knowledge — only consistent habits.

Use only Tor Browser Regular browsers cannot reach .onion addresses. A VPN alone does not substitute for Tor. Download Tor Browser from torproject.org only — every other source has distributed malware at some point.
Set security to Safest Tor Browser's Security Level → Safest disables JavaScript globally. Drughub renders without JS. Enabling JS expands your attack surface without adding any functionality.
Never resize Tor Browser Maximizing the browser window creates a fingerprint based on your screen resolution. Keep Tor Browser at its default window size.
Pay from a self-custody wallet Drughub only accepts Monero. Paying from an exchange wallet ties the transaction to your identity. Use Feather Wallet or Cake Wallet — wallets you control.
Consider Tails OS For higher-threat use cases, run Tor Browser inside Tails from a USB stick. Tails leaves no trace on the host machine and routes all traffic through Tor by default.
Store your PGP key properly Your drughub account is tied to a PGP key. Keep the private key on a dedicated device in cold storage. KeePassXC handles encrypted key storage well. Cloud backups of private keys negate their purpose.
Do not reuse identities A username or email used anywhere on the clearnet should not appear on drughub. Separate personas, separate keys, separate devices when threat level warrants it.
Use GnuPG for all messages All vendor communication on drughub should be PGP-encrypted regardless of whether the platform enforces it in a given message thread. Plaintext messages are a liability.
Read Privacy Guides The Privacy Guides project maintains current, non-commercial recommendations for operational security. One afternoon with that resource is the highest-leverage preparation available before a first drughub visit.

What is a drughub mirror link?

A mirror is an identical copy of the primary Drughub site running on a separate server. The same accounts, orders, and listings exist on every mirror — they share a common backend. Mirrors exist because large darknet marketplaces absorb constant DDoS attacks. When the primary drughub link is under load, the mirror absorbs traffic. Every mirror on this directory is PGP-signed by the Drughub team before it is listed. Use whichever address loads first on your Tor circuit. Bookmark both.

How do I verify a drughub onion link is real?

Three steps. First, find the address in a PGP-signed announcement from the Drughub team on Dread. Second, open the address in Tor Browser and check that the PGP fingerprint in the page footer matches the one in the announcement. Third, compare the first six and last six characters of the address in the URL bar against what you pasted — phishers build vanity addresses that match the beginning, but the last six characters are a cryptographic checksum they cannot replicate without the real server key.

Why do drughub links change?

Drughub rotates onion addresses after sustained DDoS attacks, as a routine operational security measure, or when migrating to new server infrastructure. Each rotation is announced on Dread with a PGP signature from the team's long-lived signing key. This directory updates within two hours of a new signed announcement. Rotations are irregular by design — a predictable schedule would let attackers time infrastructure moves around it. When an address changes, both the old and new addresses are reachable briefly during the transition, then the old one is deprecated.

Can I use a drughub link in a regular browser?

No. .onion domains are only reachable through the Tor network. A regular browser cannot resolve them — the DNS lookup will simply fail. You need Tor Browser, downloaded directly from torproject.org, to open any drughub onion link. A VPN alone is not sufficient. Do not use third-party Tor implementations bundled with other software — they have historically been compromised.

What does PGP-verified mean for a drughub url?

PGP-verified means the address appeared in an announcement signed with the Drughub team's cryptographic private key. A valid signature proves that whoever wrote the announcement held that specific private key at the time of signing. Since only the Drughub team holds that key, a verified address is authenticated as the real one the team is operating. This is verified using GnuPG against the team's original key fingerprint, not against any key claiming to be Drughub.

Are all drughub mirrors identical?

Yes. All mirrors run the same codebase and share the same database. An account created on the primary is fully accessible on any mirror. Orders, messages, and escrow transactions placed on one address appear on all addresses. The only difference is the onion address itself and, in practice, the server's capacity to absorb DDoS load at a given moment. Drughub runs without JavaScript on all deployments, so every mirror behaves identically in Tor Browser on the Safest setting.

What should I do if a drughub link stops loading?

Wait ten minutes and retry on a new Tor circuit — use the "New Tor Circuit for this Site" option in Tor Browser. Tor circuits are unstable; a brief failure does not mean the address changed. If it stays down, try the mirror link listed on this page. If both fail simultaneously, the marketplace is likely experiencing maintenance or absorbing a DDoS event. Check back here after an hour — if the address rotated, the new one will appear in the next verification cycle. Do not search clearnet sources for "working drughub link" — that is where phishing operators operate.

How often are links updated on this directory?

Every 48 hours. A scheduled verification cycle checks the latest PGP-signed announcement from the Drughub team against what is currently published here. If the address changed, the directory updates within the same cycle. The last-verified timestamp on each link card reflects exactly when the most recent successful check completed. If the timestamp is older than 48 hours, something is wrong with the verification process and we will explain why on the homepage.

Why are there only two drughub links listed?

We publish only addresses that have passed all three verification steps. Right now the Drughub team operates two PGP-verified addresses — a primary and one active mirror. Two reserved slots are listed as pending because we have candidate addresses under review that have not yet cleared all three steps. A longer list of unverified drughub mirror links is more dangerous than a shorter verified one. When additional mirrors are formally announced by the team and pass verification, they appear here. Until they pass, they do not.

The verified drughub link is above.

Copy it, paste it into Tor Browser, check the footer fingerprint. That is the complete process. The access manual covers everything else.

Loading…

Read access manual

Open only in Tor Browser. Regular browsers cannot resolve .onion domains.
Pay with Monero (XMR) from a self-custody wallet, not an exchange.
Check the PGP fingerprint in the footer when the page loads — it must match the team's key.

Drughub verified urls

All drughub onion links — April 2026

Mirror uptime — last 30 days

Verifying a drughub link yourself

Find the PGP-signed announcement on Dread

Verify the signature with GnuPG

Load the address in Tor Browser and check the footer

Compare first and last six characters of the address

Why Drughub runs multiple onion addresses

DDoS resilience

Planned server migration

Operational security rotation

Where to get a drughub link — and where not to

Drughub primary vs. mirror — what differs

Security practices for using drughub links

Questions about drughub urls and mirrors

The verified drughub link is above.