URGENT NOTICE to All DN Users The clearnet domain drughub.to is currently redirecting to a site that provides onion mirror links to DrugHub Market. However, each mirror it lists comes with a PGP signature that fails verification.

What This Means: drughub.to redirects to hubrotator.link

This site lists several onion mirrors supposedly signed with the DrugHub master key

The key fingerprint looks correct:

DA08 FAC3 8F57 31B3 1FC5 A1EE 0DF7 7920 9883 8DF5

But ALL signatures come back as “BAD SIGNATURE” when verified using GPG or Kleopatra

️ This is probably a Coordinated Phishing Operation

This setup mirrors tactics we’ve seen before:

Use a real-looking clearnet domain (drughub.to)

Redirect to a professional-looking “hub” (hubrotator.link)

Copy the real master key to look legitimate

Post mirror links with invalid or forged PGP signatures

Trap users who don’t check before clicking

What’s the point?

If you click on these links or trust the mirrors:

You could end up in a DrugHub phishing clone

You risk entering credentials into a fake login

You could send cryptocurrencies to fake supplier listings

You could be de-anonymized or logged in by LE

What You Should Do

Do NOT trust any links from drughub.to or hubrotator.link. Get your links from those listed in this subs WIKI (Reddit) listed under “Link Sites” or from Dread.

Only use onion links that come with a valid and verifiable PGP signature

Always verify:

gpg --verify signedmessage.txt

If a single link in a message fails verification, assume they are all compromised

EDIT: Same configuration possible for dark matter. They also have a darkmatter.to. I’ll check tomorrow.

Final consideration:

If they’re trying to trick you with fake signatures, they’re trying to rip you off. Don’t fall for it. Check everything. Don’t trust anything that fails.

Original post (in Reddit): https://www.reddit.com/r/darknet_questions/comments/1m1wfzw/warning_drughubto_is_likely_a_phishing_site_all/