# kr546onion.to — SUSPICIOUS > Investigate the kr546onion.to domain: a generic phishing site flagged by just 1/95 VirusTotal engines. ## Summary PhishDestroy identifies kr546onion.to as an active generic phishing domain posing an elevated risk to end users. This domain does not align with a specific brand or drainer kit, suggesting opportunistic credential harvesting or fraudulent redirects. The absence of a recognizable brand lowers immediate recognition barriers, while the generic nature may indicate automated mass phishing campaigns targeting unsuspecting visitors. The domain's recent registration and hosting infrastructure warrant heightened scrutiny by both users and security teams. This domain presents clear technical indicators of malicious intent. VirusTotal reports a detection rate of 1 out of 95 security engines, indicating low antivirus coverage despite clear malicious characteristics. Registered through the Government of the Kingdom of Tonga, the domain resolves to IP address 104.21.77.29 and was created on July 12, 2025. It holds a valid SSL certificate from Google Trust Services, which may increase user trust while concealing malicious intent. Although not currently listed on major blocklists, the combination of recent creation, low detection rate, and geopolitically incongruent registration raises significant red flags. As of the latest assessment, kr546onion.to remains active and unblocked across most commercial security platforms. Immediate containment is advised through DNS sinkholing or web filtering to prevent user exposure. Security teams should add the domain, IP address, and SSL certificate thumbprint to blocklists and monitor outbound connections for potential follow-on compromise. While the immediate risk is elevated due to active hosting and low detection coverage, the domain’s generic approach limits targeted impact. Users are strongly advised to avoid visiting kr546onion.to, validate URLs before clicking, and report suspicious domains to their security provider. Remaining risk persists due to ongoing availability and potential campaign evolution. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-07-12 00:48:11 - Registrar: Government of Kingdom of Tonga - IP: 104.21.77.29 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/f8022361-6362-4a08-8d41-655486d70052 - PhishDestroy: https://phishdestroy.io/domain/kr546onion.to/ - LLM endpoint: https://phishdestroy.io/domain/kr546onion.to/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/kr546onion.to/ Last updated: 2026-03-28