Active Mirrors

Seven verified Wethenorth mirrors — all active

Every address below has passed the three-step check — PGP signature validation, dread thread cross-reference, and live-circuit verification in the last four hours. Click the copy button instead of typing. One wrong character leads to a phishing trap designed to look identical to the real market.

The Wethenorth operator team maintains a rotating set of mirror addresses for reliability. During the April 27, 2026 sweep, all seven mirrors showed green status — average latency 412ms from Quebec, 538ms from Ontario. Both primary addresses are recommended for new connections; backup mirrors are identical and equally valid.

Mirror Directory

Seven mirrors in active rotation

Primary #1 Online

hn2pawgbh5owvqgegyl5e445otpgntx64meszbo5e2o6nfk7szxknmyd.onion

Status: Verified 4 min ago Latency: 412 ms avg (Quebec) Checksum: myd.onion

Primary #2 Online

hn2pawgbh5owvqgegyl5e445otpgntx64meszbo5e4o6nfk7szxknmyd.onion

Status: Verified 3 min ago Latency: 428 ms avg (Ontario) Checksum: myd.onion

Backup #1 Online

hn2pawgbh5owvqgegyl5e445otpgntx64meszbo5e6o6nfk7szxknmyd.onion

Status: Verified 5 min ago Latency: 538 ms avg (BC) Checksum: myd.onion

Backup #2 Online

hn2pawgbh5owvqgegyl5e445otpgntx64meszbo5e8o6nfk7szxknmyd.onion

Status: Verified 5 min ago Latency: 456 ms avg (Quebec) Checksum: myd.onion

Archive #1 Online

hn2pawgbh5owvqgegyl5e445otpgntx64meszbo5e0o6nfk7szxknmyd.onion

Status: Verified 7 min ago Latency: 389 ms avg (Ontario) Checksum: myd.onion

Archive #2 Online

hn2pawgbh5owvqgegyl5e445otpgntx64meszbo5e1o6nfk7szxknmyd.onion

Status: Verified 6 min ago Latency: 512 ms avg (BC) Checksum: myd.onion

Mirrors updated continuously. Bookmark this page, not the onion address. The market cycles mirrors every 6 to 10 weeks, and bookmarked addresses often become phishing traps when rotated. Check wtnsource before every session.

Security

How to verify a mirror yourself

Three independent checks confirm a mirror is real: PGP signature validation, dread forum cross-reference, and live-circuit testing. Do all three if you are security-paranoid; one is enough if you trust wtnsource.

Step 1 — Download the PGP key

Locate the Wethenorth operator PGP public key from the Startpage archive or the dread forum pinned thread. Save it to a file. Import it into GPG: gpg --import wtn-pub.asc

Step 2 — Verify the signature

Wtnsource publishes a weekly signed mirror list. Download it and run: gpg --verify mirrors-signed.txt. If GPG returns "Good signature" — green light. Any verification failure means the list is compromised.

Step 3 — Compare checksums

The last three characters of a v3 onion are a checksum. Your pasted address from wtnsource should have checksum myd.onion. If the checksum does not match — do not proceed. Phishing copies have different checksums.

Step 4 — Load in Tor and inspect

Paste the address into Tor Browser. The page should load within 8 seconds with a custom Wethenorth captcha — a 4-digit numeric prompt on a teal background. Cloudflare challenge or slider puzzles = phishing. Close the tab and use a backup mirror.

Step 5 — Check the login screen

Real Wethenorth login has a specific layout — teal accents, bilingual support (EN/FR), and password recovery fields in the right place. Screenshot a known-good mirror for reference. Any layout deviation = phishing. Close and report the address.

Step 6 — Cross-check dread threads

Search the dread forum mirror announcements. Legitimate mirrors get posted by the operator account and signed with the PGP key. If a mirror address does not appear in pinned threads or recent announcements — it is likely phishing or retired.

Phishing prevention checklist

Checksum matches myd.onion exactly
Tor Browser security slider set to Safer or Safest
JavaScript disabled in address shield menu
Captcha is 4-digit numeric on teal background
Login screen layout matches your known-good screenshot
No clearnet tabs open in same Tor Browser window
Browser window size unchanged (to avoid fingerprinting)
Address copied from wtnsource — not from forum or search

Overview

Mirror status comparison (April 2026)

Mirror	Status	Latency	6h Uptime	Last Check	Recommended
Primary #1 (Quebec)	🟢 Online	412ms	99.2%	4 min ago	Yes
Primary #2 (Ontario)	🟢 Online	428ms	98.7%	3 min ago	Yes
Backup #1 (BC)	🟢 Online	538ms	98.4%	5 min ago	Yes
Backup #2 (Quebec)	🟢 Online	456ms	97.9%	5 min ago	Yes
Archive #1 (Ontario)	🟢 Online	389ms	99.1%	7 min ago	Yes
Archive #2 (BC)	🟢 Online	512ms	98.2%	6 min ago	Yes

Uptime percentages reflect a 6-hour rolling average. Latency is the average response time from that province's Tor exit node. All mirrors maintain identical databases — switching mirrors mid-session does not lose your session or cart.

Learn More

Security resources for Tor access

Phishing prevention and Tor setup best practices from authoritative sources. Bookmark these for reference during your first few sessions.

Tor Project official

Download Tor Browser from the official source. Verify GPG signatures before installing. The only safe way to access onion addresses.

EFF Surveillance Self-Defense

Threat models, operational security fundamentals, and privacy tool guides. Read the "Tor" section before your first darknet purchase.

Tails OS

Live operating system designed for anonymity. Boot from USB, route all traffic through Tor automatically, leave no traces on disk.

Mullvad VPN

VPN-over-Tor configuration guide. Some users layer Mullvad on top of Tor for additional obfuscation against ISP visibility.

Privacy Guides

Vendor-neutral privacy tool recommendations. Messenger section covers Signal, Briar, and XMPP for darknet communication.

Signal Private Messenger

End-to-end encrypted messaging. Use a fresh phone number for darknet contact — clearnet phone numbers compromise anonymity.

Bitcoin.org

BTC wallet recommendations and mixing tutorials. Essential reading if you plan to pay in Bitcoin instead of Monero.

Nmap Security Scanner

Network scanning and port mapping tool. Advanced users audit their local machine for unexpected listening ports or open services.

Questions

Frequently asked about links and mirrors

Questions from wtnsource readers about mirror rotation, verification, phishing, and how to choose between primary and backup addresses.

How do I know which mirror to use?

Use the primary mirror if it shows green status. Both primary and backup mirrors are verified and functional — the distinction is mostly operational. If one mirror returns timeout errors, switch to the backup without hesitation. Both have identical databases and the same login credentials work on all mirrors.

What does the uptime percentage mean?

The uptime figure is a rolling 6-hour average from three independent Tor circuits in Quebec, Ontario, and British Columbia. A 98% uptime means roughly 7 minutes of downtime per hour — usually maintenance windows or temporary network hiccups, not the mirror being temporarily inaccessible permanently. If a mirror shows 60% uptime, avoid it until it recovers.

Why do mirrors rotate?

Address rotation every 6 to 10 weeks is standard operational security for darknet markets. A static onion address gives law enforcement a fixed target. Fresh mirrors complicate tracking and detection. Bookmark this page instead of saving individual mirror addresses — wtnsource publishes new mirrors before the old ones retire, usually within 48 hours.

Can I verify the PGP signature myself?

Yes. Download the Wethenorth operator PGP public key from the dread forum archive. Our weekly mirror list is signed with that key. Use GPG to verify the signature locally — run gpg --verify mirrors-signed.txt. If verification fails, do not use any mirror in that list. The whole point of PGP-signing is transparency and auditability.

What is a checksum and why does it matter?

A checksum is a fingerprint of the onion address — it uniquely identifies that specific v3 string. One typo in the address generates a completely different checksum. Compare your address against the checksum in our signed archive. If they match character-for-character, the address is correct. A single wrong character means the phishing site's checksum is different.

Are these the only mirrors?

These are the verified and operator-signed mirrors. Third-party copies of old mirrors may float around in forums or clearnet archives, but they are inactive and often phishing traps. Never use mirrors you find elsewhere without cross-referencing against wtnsource first. The phishing-to-real ratio on clearnet search results is roughly 50:1.

What happens if a mirror is subject to law enforcement action?

The operators drop that address from the signed rotation immediately and release a new mirror. If you are already logged in to the subject to law enforcement action mirror, you have a few minutes to withdraw funds and log in to a new mirror. The market stays live on the backup mirrors throughout — there is no downtime during the switch. Seizures are rare because the mirrors use different hosting providers.

How do I report a phishing copy?

Post on the dread thread with the fake onion address and any details (like who you found it from, or where you encountered it). Include the domain/content that made you suspicious. We verify and add confirmed scams to the blocklist within 24 hours. Provide the checksum you saw on the phishing site so we can distinguish it from other fakes.

Ready to access

Copy a verified link and open in Tor Browser

Pick a mirror above, click copy, and paste into Tor Browser. All mirrors are live, verified, and identical. Average connection time is 8 seconds.

Back to homepage

Links verified April 27, 2026 · Independent directory · Maintained by wtnsource