# OsirisScan, full text > Verified 2026-07-17. Site: https://osirismarket.online Language: English Use: reference --- # Nodes ## OSI-01 Primary node State: online. Uptime: 99.2%. Latency: 210 ms. Added: 2024. - http://osirisdaec7ufbb3sbe3r355b2s7lwvw726l4z4oumg6kdddnomht3qd.onion The primary node is the first address the explorer recommends trying. It has the longest history in the pool, which on Tor translates directly into faster resolution: an established hidden service has stable descriptor consensus and routes through known-good guards. Availability over the observation window sits above ninety-nine percent, the highest in the pool. That number is measured from periodic reachability checks across several Tor circuits, so read it as a recent trend rather than a live probe. Every dip is recorded in the status log with a timestamp and a duration. Latency reads around two hundred milliseconds on a healthy circuit, meaning the anti-DDoS queue and login usually render within a few seconds. If the primary stalls for longer than a minute on your side, the cause is almost always your circuit. Rebuild it and retry, or switch to another node while you do. Whatever node you use, verify it before entering anything. Copy the address from this explorer, hold it against the address the login captcha prints, and never type a fifty-six character string from memory. See verifying a mirror. --- ## OSI-02 Secondary node State: online. Uptime: 98.7%. Latency: 260 ms. Added: 2024. - http://osirisdtn7lmphfz722ay24timiezf4kp6plofxg23dgu5tu2ouy4mid.onion The secondary node exists so a problem on the primary never puts Osiris out of reach. Every node in the pool resolves to the same market with the same account, balance and order history, so rotating from one to another costs nothing but a fresh circuit. Availability sits just under the primary, in the high ninety-eight percent range. The small gap is not a reliability concern. It reflects the primary catching slightly more traffic and therefore more of the routine checks that happen to land during a queue. Both nodes are equally genuine and equally safe once verified. Latency reads a little higher than the primary, around two hundred sixty milliseconds. On a good circuit the difference is imperceptible. Under a flood it may queue longer, which is expected and is exactly why the pool holds more than one node. A fallback is not a lesser address that earns less scrutiny. Verify it the same way, every session. See verifying a mirror. --- ## OSI-03 Reserve node State: online. Uptime: 98.0%. Latency: 320 ms. Added: 2024. - http://osirislivpetlbabbl3zzqhupurfkxxbzbheu3bkrshkaiwg2hcxbyqd.onion The reserve node is the deep fallback. Its job is to answer when the primary and secondary are both under pressure at the same time, which is uncommon but is the exact scenario a single-address market cannot survive. If the first two are stalling across fresh circuits, this is the node to reach for. Availability is the lowest of the three at around ninety-eight percent, which still means it is reachable the large majority of the time. The figure is lower mainly because this node is exercised less, so a brief dip weighs more heavily in the percentage. It is not a warning sign. Latency reads around three hundred twenty milliseconds and can climb right after a rotation while descriptors propagate through the Tor network. A minute of patience is normal here. If nothing renders after that across a couple of circuits, check the status log for a wider event. Same verification, every time. Copy from the explorer, compare against the captcha, never type from memory. --- # Status log ## 2026-05-22 - Flood window raised queue times on the primary node (minor) Over a window of several hours the primary node ran longer anti-DDoS queue times than usual under a coordinated flood. Queue waits stretched past a minute on some circuits where they normally clear in seconds. The market was never down. The secondary and reserve nodes stayed responsive throughout, which is the entire reason Osiris runs a deep pool and the reason it is the market people rotate to during DDoS season. Readers who switched to a fallback continued without interruption. The explorer's guidance during a flood does not change. Do not sit on a slow node hoping it recovers. Rotate to the next node, verify it, and continue. A flood raises queue times, it does not compromise the addresses, and verification protects you either way. The window closed on its own as the flood subsided. No rotation was needed and no node was retired. --- ## 2026-03-11 - Descriptor propagation lag on the reserve node (info) After a routine descriptor refresh, the reserve node was slow to resolve for roughly a day. This is normal Tor behaviour. When a hidden service publishes fresh descriptors, they take time to propagate through the distributed hidden service directory, and during that window some clients find the address before others. The primary and secondary were unaffected and carried traffic normally. Readers who specifically needed the reserve during that day saw longer resolution times or the occasional failure to connect, both of which cleared as propagation finished. No action was required. The entry is logged because the explorer records propagation lag as an informational event, so a reader who hit it can see it was expected rather than a problem with the node. --- ## 2026-02-04 - Lookalike address circulating outside the signed pool (advisory) An address close to the secondary node was reported circulating on third-party link lists. It was a phishing clone, never part of the signed Osiris pool, and it copied the login page to harvest passwords. This is the most common attack against any Tor market. A clone differs from a genuine address by a few characters in the middle of the string, where the eye slides past a substitution. The defence is verification, not vigilance about which list you read. Copy addresses from the signed pool, check the address against the one the login captcha prints, and the clone falls apart because it cannot serve the correct address in the captcha while pointing you at the wrong one. Nothing on the genuine pool needed fixing, because the clone lived outside it. Readers who verified were never exposed. See how phishing works and verifying a mirror. --- ## 2024-09-01 - Explorer began indexing the Osiris pool (info) This explorer began tracking the Osiris mirror pool from this date. At indexing the pool held the three v3 onion nodes it holds now, each resolving to the same market and published with a PGP signature. The explorer's purpose is narrow and useful: give a reader one place to find a verified working node, see how the pool has behaved, and read the access and safety documentation around it. It is not the market and it takes no payment. It indexes addresses that already exist and records what it observes. Everything since this date that materially affected reachability is in the status log above this entry. --- # Coins ## Monero (XMR) Monero is the coin the explorer recommends when privacy is any part of why you are on Tor. It hides the sender, the receiver and the amount by design, so the payment is not legible on a public ledger the way Bitcoin is. Osiris takes it, and it is the default choice for most orders. ## Wallets Hold Monero in a wallet you control. Feather on the desktop needs no full node and is actively maintained. Cake on mobile carries a built-in swap that converts Bitcoin to Monero without an exchange in the middle, which is the common on-ramp for readers moving an existing Bitcoin balance across. ## Depositing Osiris issues a fresh deposit address per order. Copy the Monero address from your order, send from your wallet, and wait for confirmations. Monero confirms in minutes and the network fee is a fraction of a cent, so there is little to tune. See depositing Monero. --- ## Bitcoin (BTC) Bitcoin is accepted on Osiris and is the coin to use when a vendor takes only Bitcoin. Its ledger is fully public, so a payment in it leaves a permanent readable trail. Where privacy matters, the explorer points you to Monero instead. ## Route it cleanly Do not send straight from an identity-checked exchange to the market, because the exchange record ties your name to the deposit. Route through a fresh wallet you control such as Sparrow or Electrum, or swap into Monero first. ## Depositing Copy the Bitcoin deposit address from your order, send with a fee that confirms in a reasonable window, and wait. Overpaying wastes money and underpaying gets the transaction stuck. The balance credits once confirmations land. See depositing Bitcoin. --- # Access ## Install Tor Browser *The one download that opens every Osiris node.* Every Osiris node is a Tor hidden service, and a hidden service only opens in Tor Browser. Install it correctly once and most of the ways a first connection goes wrong are closed before you start. ## Download from the official source only The only place to get Tor Browser is the Tor Project website. Any other download is either an unverifiable mirror or a modified build. If a page is not the official project, close it. ## Verify the signature the first time The Tor Project signs every build. Verifying that signature against the project key on the first install is the difference between a clean browser and one that leaks around Tor. The download page documents the check for every system. ## Set the level to Safest Open the shield beside the address bar and set the security level to Safest, which turns scripting off everywhere. Osiris works at Safest, so you lose nothing you need. Do not add extensions and do not resize the window, because both make your fingerprint unique. --- ## Why Tor Browser must be on Safest *The one dial that closes the biggest hole.* The Tor Browser shield hides three security levels, and for Osiris only one is correct. ## What the levels change Standard leaves scripting on. Safer disables some risky scripting. Safest turns scripting off everywhere. The levels are not about the Tor network, which is identical at each. They change what the browser does with a page once it arrives. ## Why Safest Scripting in a hostile page is the single most reliable route to break anonymity from inside the browser. Turning it off closes that route. Safest does it unconditionally, and Osiris is built to work with scripting off, so login, browsing, checkout and messaging all function. --- ## Use a bridge if Tor is blocked *For reaching Osiris where the border blocks Tor.* Some ISPs and some countries block Tor entry. A bridge routes your connection through a relay that is not on the public list of Tor nodes, which hides that you are using Tor. ## When it helps Use a bridge when Tor Browser cannot connect, connects very slowly, or when the Tor Project site is blocked where you are. If Tor is not blocked, skip it, because a bridge only adds latency. ## How to set one Open the connection settings, choose to use a bridge, pick the built-in obfs4 option or request one from the Tor Project, and restart. A bridge changes how you reach Tor but nothing about verifying an Osiris node. --- ## Reaching Osiris from Tails *A whole system that forgets the session at shutdown.* Tor Browser protects your traffic. It does not protect the machine underneath, which is still your everyday system. Tails closes that gap. ## What Tails is A complete operating system that boots from a USB stick, routes everything through Tor, and forgets everything at shutdown. Nothing is written to the machine's own disk. ## When it is worth it For casual use, Tor Browser on your normal system is fine. For anything where the machine remembering the session is a risk you care about, Tails is the tool. Boot, use, shut down. --- # Payments ## Bitcoin or Monero on Osiris *Monero for privacy, Bitcoin when required.* Osiris takes Bitcoin and Monero, and the choice comes down to what you are optimising for. ## Monero, the default Monero hides the sender, receiver and amount, so the payment is not legible on a public ledger. If privacy is any part of why you are on Tor, default to Monero. Most buyers should. ## Bitcoin, when required Bitcoin's ledger is fully public. Use it when a vendor accepts only Bitcoin, and do not send straight from an identity-checked exchange, because that ties your name to the deposit. Route through a fresh wallet or swap into Monero first. --- ## Depositing Monero *Faster, cheaper, unreadable on-chain.* Hold Monero in a wallet you control such as Feather or Cake, open your Osiris order, copy the Monero deposit address it issues, send from your wallet, and wait a few minutes for confirmations. ## Getting Monero If you already hold Bitcoin, Cake has a built-in swap that converts it to Monero without an exchange in the middle. Otherwise buy Monero peer-to-peer. See non-KYC funding. ## The deposit Osiris issues a fresh deposit address per order, so there is no address to reuse. Monero confirms quickly and the fee is tiny, so the balance credits soon after you send. --- ## Depositing Bitcoin *Route through your own wallet, mind the fee.* Do not send straight from an identity-checked exchange. Route through a wallet you control such as Sparrow or Electrum, copy the deposit address from your Osiris order, send with a sensible fee, and wait for confirmations. ## Mind the fee Bitcoin fees swing with congestion. Overpaying wastes money and underpaying gets the transaction stuck for hours. Pick a fee that confirms within a reasonable window. ## Keep it clean An exchange withdrawal sent straight to the market ties your name to the deposit. A fresh wallet in between, or a swap into Monero, breaks that link. The balance credits once confirmations land. --- ## Funding without KYC *Break the trail from your identity.* The privacy of a deposit is only as good as the coin that funded it. Coin bought from an identity-checked exchange and sent straight to the market ties your name to the deposit. ## In-wallet swaps If you hold Bitcoin, swap it to Monero inside a wallet like Cake, which breaks the direct exchange-to-market link. ## Peer-to-peer Buy coin from another person with a random identity rather than a verified account. Either way, route through a fresh wallet you control before depositing. --- # Security ## Verifying a mirror *The two-part check that proves a node is genuine.* Verifying a node is two checks that together close the phishing hole. Neither takes more than a few seconds. ## The signed pool Osiris publishes its nodes with a PGP signature. Verifying it proves the addresses came from the market and nobody edited them. Import the market key once from two independent places, cross-check the fingerprint, and check the list against it. See verifying a PGP signature. ## The captcha check The genuine login prints the market's own address into the captcha. Compare it against the address in your bar. Match means genuine, mismatch means clone. Run this every session, because a bookmark can go stale between rotations. --- ## How phishing works, and the defence *The real threat is a lookalike, not the market vanishing.* The way most people lose money on a Tor market is a lookalike address that copies the market and harvests the password they type into it. Phishing, not exit scams, is the main threat, and the defence is a habit. ## How the trap is set An attacker stands up an onion that differs from a genuine one by a few characters in the middle, where the eye slides past a substitution. They copy the login page exactly. You type your password and it is theirs. Some clones then ask for a recovery phrase, which the real market never does at login. ## The checks Copy addresses from the signed pool on this explorer and never type one from memory. When the login captcha prints the market's address, hold it against your bar. A clone cannot serve the correct address in the captcha while sending you to the wrong one. --- ## Verifying a PGP signature *What a signature proves, and the check that proves it.* A PGP signature on the node list is how you know an address came from Osiris and not an impersonator. ## What it proves Two things at once. That the message was signed by the holder of a specific private key, and that not one byte has changed since. For a node list, the addresses provably came from whoever holds the market key. ## Running it Fetch the market key once from two independent places, cross-check the fingerprint, and import it. Save the signed list, run the verify with GnuPG, and look for the good-signature line naming the market key. A warning that you have not certified the key is normal. A bad-signature line means the list was altered, and you trust none of it. --- ## Account hygiene *Small habits that keep an account standing.* Account safety is a stack of small habits, each cheap, that together keep an account standing. ## Identity and credentials Pick a username you have never used elsewhere. Keep a unique generated password in an encrypted local manager, not a browser autofill and not a cloud service. Write the recovery phrase the market issues on paper, because anyone who holds it owns the account. ## Sessions and balances Close the browser after a session rather than leaving it open for days. Keep the on-market balance sized to the order in front of you and withdraw the rest to a wallet you control. --- # Trading ## Reading a vendor page *Two numbers, one minute, before every order.* Read the two numbers at the top of every vendor page before you order: the deal count and the dispute ratio. A minute here is the most useful minute you will spend. ## Deal count How many orders the vendor has completed. A high count over time is a vendor the market has watched work. A new account is unproven, so a first order there should be especially small. ## Dispute ratio The share of orders that ended in a dispute. Low is good, and a rising ratio on recent orders is a warning even on a long history. Finalise-early is locked until a vendor has earned it, and the profile shows their standing. --- ## How Osiris escrow protects you *Held until you confirm receipt.* Escrow holds your payment until you confirm receipt, so a vendor cannot take the money and fail to deliver. Osiris runs standard 2 of 3 multisig. ## The flow You fund the order into escrow, the vendor ships, you confirm receipt after the package arrives, and the coin releases. If something goes wrong you open a dispute instead of confirming. ## The catch The protection disappears the moment you confirm, so never confirm before the package is in your hands. Confirming early, finalising early, is the single most common way a buyer throws away escrow. Osiris locks it until a vendor has earned it. --- ## Placing a safe first order *Small, cheap, standard escrow.* A first order with any vendor is really a test of whether they do what they say. Keep it small and cheap, use standard shipping and escrow, and encrypt your shipping address to the vendor key. ## Before you order Read the vendor page. A low dispute ratio and a solid deal count on recent orders is what you are looking for. The right size for a first order is an amount you could lose without it mattering. ## Protect yourself Encrypt your address to the vendor's PGP key before pasting it. Leave escrow standard and do not finalise early. If something goes wrong, you open a dispute, which is the path finalising early would remove. --- ## Opening a dispute *When it does not arrive or does not match.* If an order does not arrive, arrives short, or arrives unusable, open a dispute rather than confirming. Osiris moderators are known for responding fast, which matters most exactly when you have a case open. ## When to open Open when a vendor has gone quiet past a reasonable window, when the order is well past its shipping time, or when what arrived does not match. Not before. ## What a moderator reads Your account, your evidence, the full message thread, and the vendor's history. Bring clear photos and a calm factual account. Keep the language factual, answer questions quickly, and do not finalise early hoping a vendor will reward you by shipping. --- # Troubleshooting ## A node will not connect *Almost always your circuit, not the market.* An Osiris node that will not connect is almost never the market being gone. It is usually your Tor circuit or a temporary flood. ## Rebuild the circuit Use the Tor Browser menu to request a new circuit or a new identity, then retry. A bad guard or a congested path is the most common cause and a fresh circuit fixes it. ## Rotate nodes Move to another node in the pool. All resolve to the same market. If one stalls, another usually opens. If all three stall across circuits for several minutes, check the status log for a wider event. --- ## The captcha will not accept my answer *Usually case, sometimes a stale page.* Read the captcha characters carefully and match the case exactly if it is case sensitive. Most rejections are a case mismatch or a stale page. ## Reload for a fresh puzzle If the page has been open a while, reload it for a fresh captcha before trying again. A stale page can carry an expired challenge. ## Confirm the site first Before troubleshooting further, confirm the captcha's printed address matches your bar. A clone's captcha can behave oddly because it is not the real one. --- ## The captcha address does not match my bar *Stop. This is the phishing signal.* A mismatch means you are not on the genuine Osiris. Do not type your password or recovery phrase, do not solve the captcha, close the tab. ## Why it matters The captcha prints the market's own address. If your bar shows a different one, you are on a clone trying to capture what you type. This is exactly the signal the check exists to catch. ## Recover safely Open this explorer fresh, copy a verified node, and try again on a new circuit. Do not reuse the address that mismatched. If you already entered a password, assume it is compromised, change it through a verified node, and withdraw any balance. --- ## A deposit has not shown up *Usually confirmations, occasionally an underpaid fee.* A deposit that has not credited is almost always waiting on confirmations rather than lost. ## Check confirmations The market credits after the network confirms the transaction. Bitcoin can take from minutes to hours depending on the fee. Monero is usually quick. Until the required confirmations land, the balance will not show. ## Check the address Osiris issues a fresh deposit address per order, so make sure you sent to the address from the correct order. An underpaid Bitcoin fee delays but does not lose the transaction. If confirmations have landed and the balance still does not show, contact market support through the on-site message system with the details. --- # Glossary **Anti-DDoS queue**: A waiting-room page before the login that holds every visitor briefly so bots cannot hammer the captcha behind it. A flood raises its wait time. **Availability**: The share of checks over a window in which a node resolved and answered. Shown per node as an uptime percentage. **Descriptor**: The information a Tor hidden service publishes so clients can reach it. After a refresh, descriptors take time to propagate, which can briefly slow resolution. **Escrow**: Holding a payment in a 2 of 3 multisig contract until buyer and vendor agree the order is done, or a moderator settles a dispute. **Finalise-early (FE)**: Confirming receipt before a package arrives. It releases escrow to the vendor and removes the dispute path. Locked on Osiris until a vendor has earned it. **Latency**: How long a node takes to clear the queue and render the login on a healthy circuit. Shown per node in milliseconds. **Mirror node**: A distinct onion address resolving to the same market. Osiris runs three so a problem with one does not take the market down. **Onion address**: A fifty-six character v3 Tor address ending in .onion. Copy it, never type it, and verify it against the login captcha. **PGP-signed pool**: The set of addresses the market publishes with a PGP signature. Verifying the signature proves an address came from the market and not an impersonator. **Rotation**: Adding or retiring a node in the pool, announced with a signature. A freshly rotated node may resolve slowly until its descriptors propagate. **Status log**: The explorer feed of dated events that affected the pool: floods, descriptor lag, phishing advisories. **Uptime**: See availability. Reported per node as a percentage over the observation window.