Onion Mirrors
Access Catharsis through our verified .onion mirrors. Always verify the address before logging in to protect yourself from phishing attempts.
Official Mirror Addresses
Below you will find the complete list of official Catharsis .onion mirror addresses. These mirrors are maintained and operated directly by the Catharsis team and are the only legitimate entry points to our marketplace. Each mirror is a fully functional copy of the platform, running on independent infrastructure to ensure maximum availability and resilience against downtime. We distribute our services across multiple mirrors to provide redundancy — if one mirror becomes temporarily unavailable due to maintenance, network issues, or targeted attacks, users can seamlessly switch to another mirror without any interruption to their experience.
It is absolutely critical that you only use the official mirror addresses listed on this page. Phishing sites that impersonate Catharsis are a constant threat, and using an unofficial or unverified link could result in the theft of your login credentials, PGP keys, or cryptocurrency funds. We strongly recommend bookmarking these addresses in your Tor Browser and always accessing the platform through your saved bookmarks rather than clicking links from external sources, forums, or messaging platforms.
How to Access .onion Sites
If you are new to the Tor network and .onion addresses, this section will guide you through everything you need to know to access Catharsis safely and securely. The .onion top-level domain is a special-use domain designation that identifies anonymous hidden services accessible only through the Tor network. Unlike regular websites that are hosted on servers with publicly known IP addresses, .onion services are hosted behind multiple layers of encryption and routing that make it impossible to determine the physical location or identity of the server operator.
The .onion addressing system uses a cryptographic hash derived from the service's public key, which serves as both the address and an authentication mechanism. When you connect to a .onion address, your Tor Browser automatically verifies that you are communicating with the legitimate service that owns the corresponding private key, providing built-in protection against certain types of man-in-the-middle attacks. This is one of the reasons why .onion addresses are long strings of seemingly random characters — they are actually cryptographic identifiers that ensure the authenticity of the service.
Download Tor Browser
Visit the official Tor Project website at torproject.org and download the Tor Browser for your operating system. The Tor Browser is available for Windows, macOS, Linux, and Android. It is a modified version of Mozilla Firefox that has been pre-configured to route all traffic through the Tor network and includes several privacy-enhancing modifications such as disabled JavaScript by default in high-security mode, blocked third-party cookies, and removed browser fingerprinting vectors. Always download the Tor Browser from the official website to ensure you are getting an authentic, unmodified copy. Verify the download signature using PGP to confirm the file has not been tampered with during transit.
Configure Your Security Level
After installing and launching the Tor Browser, we recommend adjusting the security level to "Safest" for maximum protection. You can find this setting by clicking the shield icon next to the address bar or by navigating to about:preferences#privacy in the address bar. The "Safest" setting disables JavaScript on all sites, blocks certain fonts and media, and removes other potential attack vectors that could be used to deanonymize you. While this may cause some websites to display incorrectly, Catharsis is designed to function fully even with JavaScript disabled, ensuring that you can always access our platform at the highest security level without any loss of functionality.
Enter the .onion Address
Copy one of the official mirror addresses listed above and paste it into the Tor Browser address bar. Press Enter and wait for the connection to be established. The initial connection to a .onion service may take slightly longer than connecting to a regular website because the Tor Browser needs to build a six-hop circuit through the Tor network (three hops on the client side and three on the server side) to establish a fully anonymous connection. Once the circuit is built, subsequent page loads will be faster. If you experience difficulty connecting, try a different mirror address from the list above or wait a few minutes and try again, as the Tor network can occasionally experience congestion during peak usage periods.
Verify and Bookmark
Once you have successfully connected to Catharsis, verify that the .onion address in your browser's address bar exactly matches one of the official addresses listed on this page. Check every character carefully, as phishing sites often use addresses that differ by only one or two characters. After verification, bookmark the page in your Tor Browser for quick access in the future. Using bookmarks rather than manually typing the address or following external links is one of the most effective ways to protect yourself against phishing attacks. You should also save a copy of the official mirror addresses in an encrypted local file as a backup reference.
Anti-Phishing Measures
Phishing is one of the most common and dangerous threats facing users of anonymous marketplaces. Sophisticated attackers create pixel-perfect replicas of legitimate marketplace interfaces, host them on .onion addresses that closely resemble the official ones, and then distribute these fake links through forums, social media, and messaging platforms. When unsuspecting users enter their credentials on these phishing sites, the attackers capture them and use them to access the real accounts, steal funds, and compromise personal security.
To protect our users against phishing, Catharsis has implemented several anti-phishing mechanisms that you should take full advantage of. First, we offer a customizable anti-phishing string — a unique word or phrase that you set in your account settings, which is displayed on every legitimate Catharsis page after you log in. If you do not see your anti-phishing string, you know immediately that you are not on the real Catharsis site. This is an extremely effective defense because phishing sites cannot know your unique anti-phishing string.
Second, we provide PGP-signed canary messages that are updated regularly and can be verified using our official PGP public key. These canary messages confirm the operational status of our platform and alert users to any known phishing campaigns targeting our community. Third, we maintain an actively updated list of known phishing domains that is published through our official communication channels, allowing users to check whether a suspicious link has been flagged as malicious.
We urge all users to exercise extreme caution and always verify the .onion address before entering any sensitive information. Never follow links from untrusted sources, and always compare the address in your browser bar character by character with the official addresses published here. Your security is ultimately in your own hands — no technology can fully protect a user who does not practice basic security hygiene.
Mirror Infrastructure and Redundancy
Our mirror infrastructure is designed to provide maximum uptime and resilience against both technical failures and targeted attacks. Each mirror operates on independent server hardware located in different geographic regions and legal jurisdictions, connected through encrypted private channels that synchronize data in real-time while maintaining strict isolation between nodes. This distributed architecture ensures that the compromise or seizure of any single server does not affect the availability or security of the remaining mirrors.
Each mirror runs identical software configurations that are deployed through an automated, cryptographically verified pipeline. When updates are pushed to the platform, they are first tested in a staging environment, then signed with our deployment key, and finally distributed to all mirrors simultaneously. This process ensures consistency across all mirrors while preventing unauthorized modifications to the codebase.
Our monitoring systems continuously track the health and performance of each mirror, automatically detecting and responding to issues such as high latency, connection errors, or potential security incidents. If a mirror becomes unavailable, traffic is automatically redirected to the remaining healthy mirrors, ensuring seamless continuity for users. We aim to maintain at least three fully operational mirrors at all times, with additional standby mirrors ready to be activated on short notice if needed.
The mirror URLs listed on this page are updated whenever changes occur. We recommend checking this page periodically for any new mirror addresses or changes to existing ones. Additionally, official mirror updates are communicated through our verified social media channels and community forums, always accompanied by PGP signatures that you can verify to confirm authenticity.
Operational Security Recommendations
Beyond using the Tor Browser and verified mirror addresses, we recommend adopting a comprehensive operational security (OPSEC) approach to protect your privacy when accessing Catharsis. Use a dedicated operating system such as Tails (The Amnesic Incognito Live System) or Whonix, which are specifically designed for anonymous internet use and leave no traces on your hardware. Avoid accessing Catharsis from networks that can be associated with your real identity, such as your home Wi-Fi or workplace network. Instead, use public Wi-Fi networks or mobile data connections that are not registered in your name.
Never reuse usernames, passwords, or PGP keys across different platforms or identities. Compartmentalization is one of the most important principles of operational security — each separate activity should have its own distinct set of credentials and identifiers that cannot be linked together. Use a strong, unique password for your Catharsis account and store it securely in an encrypted password manager. Enable PGP-based two-factor authentication for an additional layer of protection.
Be mindful of metadata leakage from files you upload or share on the platform. Digital photographs, documents, and other files often contain hidden metadata such as GPS coordinates, device identifiers, creation timestamps, and software version information that could potentially be used to identify you. Always strip metadata from files before sharing them, using dedicated tools such as ExifTool or MAT2 (Metadata Anonymisation Toolkit 2).