AnubisDomains › Mirrors

Anubis Market mirrors — verified onion URLs

All currently verified Anubis Market mirrors and onion URLs for 2026 on AnubisDomains. 3 live v3 endpoints. PGP-signed source.

All Anubis Market mirrors — full list

• anubisr3we5jtzk2uftz75f4jdzpuwapkdyhxe2vu4qedrcxvhmdk6yd.onion
• anubisrtxafdx7ycjgdut2ndwmuz4owkf4h4hd757km2mpzbsaf6wvyd.onion
• anubisrv4xfpg5t5cj3qmivaabcaflscw4onvdyw3w4bx53tysrzkpad.onion

What is a mirror?

A mirror, in Tor marketplace vocabulary, is one of the v3 hidden-service addresses an operator publishes for the same marketplace. The marketplace itself is a single back-end; the mirrors are alternate entry points to it. Anubis Market publishes 3 concurrent mirrors, all of them resolving to the same site. If one is under DDoS, paste another from the list above into Tor Browser and continue — same login, same balance.

Why operators rotate mirrors

Denial-of-service pressure against a single onion is cheap to mount. Keeping several active limits the blast radius. Operators retire onions when the corresponding private key has been rotated, or when an address is being attacked beyond what diversity alone fixes. New onions appear when the pool is topped up. Updates are announced on the operator’s Dread account with a detached PGP signature; any out-of-band post in Telegram or Reddit is not authoritative.

How to verify a mirror you found elsewhere

If you have an address that’s not in the list above and you want to check whether it’s genuine, the strong-verification step is to compare it against the operator’s most recent PGP-signed Dread post. Import the operator’s public key, paste the signed message into your PGP client, and confirm the signature validates. A mirror in a successfully-validated post is authentic. Anything else — Telegram, Reddit, email, chat — is unverifiable and should be treated as a likely phishing artefact.

Partial-prefix matching is not a verification

Several Tor marketplaces use vanity prefixes — the first eight to twelve characters of the address are operator-chosen for memorability. Anubis is one of them. A phisher running vanity generation will produce a string matching the prefix and randomise the rest of the address, hoping you stop at the prefix. The full 56-character fingerprint is the only thing worth verifying.