# Cómo verificar un espejo .onion

> Tres formas independientes de confirmar que una dirección .onion pertenece al operador: cabecera Onion-Location, huella de clave pública firmada y enlace verificado por PGP.

Canonical URL: https://xmr.club/es/guides/verify-onion-mirror

## Overview

El phishing sobre Tor es real: onions casi-iguales registrados a propósito, claves caducadas, espejos secuestrados. xmr.club sondea a diario y compara la cabecera Onion-Location del operador con lo que listamos — pero conviene que tú también sepas verificarlo. Abajo, tres métodos independientes ordenados por fuerza de la señal.

## Body

Method 1 — Onion-Location header (easiest) Modern Tor Browser reads the Onion-Location response header from a service's clearnet site and shows a " .onion available " prompt. If you visit https://provider.com in Tor Browser and the prompt offers the same onion the directory lists — that's first-party attestation. The operator literally signed off on it by setting the header on the clearnet origin they control. Open the provider's clearnet URL in Tor Browser. Look for the purple ".onion available" pill in the address bar. Compare the onion it offers against the one listed at /onion-audit . Our daily probe automates this from the VPS: result lands in /onion-audit. Mismatches get flagged for curator review within 24 hours. Method 2 — Verify the signed key fingerprint Long-running services publish their onion service key fingerprint on their canonical clearnet site (or via PGP-signed Git commits). The address you visit on Tor is derived from that public key — so the prefix of the onion is the key fingerprint. On the clearnet site, look for a "Tor mirror" / "Onion" page that lists the v3 onion address. Compare that string char-for-char with what your browser is connected to. Bonus: if it's been signed with PGP (some providers do), verify the signature with the operator's published key. Method 3 — Cross-reference independent directories xmr.club, monerica, kycnot.me, Privacy Guides and Awesome Onion lists are independent maintainers. If three of them list the same onion for the same provider, the chance of all three being phished is low. We publish the dataset at /data.json (CC-BY-4.0) specifically to make this kind of cross-check cheap. Red flags Address you found doesn't match what /onion-audit + /data.json list. Possible takeover or typo — don't sign in. Onion redirects to clearnet on signup. Operator broke their own Tor flow — usable for browse, but not for login until they fix it. Self-signed clearnet TLS, prompting you to add an exception. Real operators on v3 onions don't need TLS, but the clearnet site should still have valid certs — bad cert is a phishing signal. Address you got from someone in DMs. Always cross-check against published sources before trusting. Picks for verifying mirrors

## Recommended picks

- [Tor Browser](https://xmr.club/tools/tor-browser) · /llm/tools/tor-browser.txt — Reads Onion-Location header automatically. Free, official.

## License

CC-BY-4.0. Attribute "xmr.club".