this post was submitted on 19 Jul 2025

🚨 URGENT NOTICE to All DN Users

The clearnet domain drughub.to is currently redirecting to a site that provides onion mirror links to DrugHub Market. However, each mirror it lists comes with a PGP signature that fails verification.

What This Means:

drughub.to redirects to hubrotator.link

This site lists several onion mirrors supposedly signed with the DrugHub master key

The key fingerprint looks correct:

DA08 FAC3 8F57 31B3 1FC5 A1EE 0DF7 7920 9883 8DF5

But ALL signatures come back as “BAD SIGNATURE” when verified using GPG or Kleopatra

⚠️ This is probably a Coordinated Phishing Operation

This setup mirrors tactics we’ve seen before:

Use a real-looking clearnet domain (drughub.to)

Redirect to a professional-looking “hub” (hubrotator.link)

Copy the real master key to look legitimate

Post mirror links with invalid or forged PGP signatures

Trap users who don’t check before clicking

What’s the point?

If you click on these links or trust the mirrors:

You could end up in a DrugHub phishing clone

You risk entering credentials into a fake login

You could send cryptocurrencies to fake supplier listings

You could be de-anonymized or logged in by LE

What You Should Do

Do NOT trust any links from drughub.to or hubrotator.link. Get your links from those listed in this sub's WIKI (Reddit) listed under “Link Sites” or from Dread.

Only use onion links that come with a valid and verifiable PGP signature

Always verify:

gpg --verify signedmessage.txt

If a single link in a message fails verification, assume they are all compromised

EDIT: Same configuration possible for dark matter. They also have a darkmatter.to. I’ll check tomorrow.

Final consideration:

If they’re trying to trick you with fake signatures, they’re trying to rip you off. Don’t fall for it. Check everything. Don’t trust anything that fails.

Original post (in Reddit): https://www.reddit.com/r/darknet_questions/comments/1m1wfzw/warning_drughubto_is_likely_a_phishing_site_all/
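
Added example, not part of the original post: a fingerprint printed next to a message proves nothing by itself, so this sketch reads gpg's machine-readable status lines and accepts a message only when the signature is good and was made by a key whose fingerprint you pinned beforehand from a source you already trust. The fingerprint, the status lines and the function names are constructed for illustration.

```python
import subprocess

# Constructed fingerprint for the example; pin the real one from a source you already trust.
PINNED = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"

def normalize(fpr):
    """'0123 4567 ...' and '01234567...' must compare equal."""
    return "".join(fpr.split()).upper()

def classify(status, pinned_fpr):
    """Read gpg --status-fd output; accept only good signatures made by the pinned key."""
    signers = []
    for line in status.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()[1:]
        keyword = fields[0] if fields else ""
        if keyword == "BADSIG":
            return "bad-signature"            # signed text altered, or signature forged
        if keyword in ("ERRSIG", "NO_PUBKEY"):
            return "cannot-check"             # key missing or signature unreadable
        if keyword in ("EXPSIG", "EXPKEYSIG", "REVKEYSIG"):
            return "expired-or-revoked"
        if keyword == "VALIDSIG":
            # Field 10 is the primary key fingerprint; field 1 is the signing (sub)key.
            signers.append(normalize(fields[10] if len(fields) > 10 else fields[1]))
    if not signers:
        return "no-signature"
    if all(s == normalize(pinned_fpr) for s in signers):
        return "valid-pinned-key"
    return "valid-but-wrong-key"              # good signature, but from some other key

def verify_file(path, pinned_fpr):
    """Run gpg on a signed message and classify its machine-readable status lines."""
    proc = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--verify", path],
                          capture_output=True, text=True)
    return classify(proc.stdout, pinned_fpr)

# Constructed status output (not captured from any real message).
GOOD = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2025-07-19 1752883200 0 4 0 22 10 01 0123456789ABCDEF0123456789ABCDEF01234567
"""
BAD = """[GNUPG:] NEWSIG
[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
"""
LOOKALIKE = GOOD.replace("0123456789ABCDEF0123456789ABCDEF01234567",
                         "FEDCBA9876543210FEDCBA9876543210FEDCBA98")

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD), ("lookalike", LOOKALIKE)):
        print(name, "->", classify(text, PINNED))
```

The lookalike case is the one a plain "Good signature" line hides: anyone can generate a key with the same name and e-mail, so the comparison has to be against the full fingerprint.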

top 4 comments
[–] DragonSidedD@monero.town 2 points 23 hours ago

Be safe, kids -- don't buy drugs on the clearnet!

[–] jet@hackertalks.com 0 points 1 day ago (2 children)

A site named drughub, I wonder what they specialize in?

[–] Electricd@lemmybefree.net 3 points 9 hours ago

Medicine of course, all legal