# qcore.finance — MALICIOUS

> qcore.finance shows signs of low-risk phishing activity. Stay cautious and verify before interacting with this domain. Learn more at PhishDestroy.

## Summary
PhishDestroy has identified the domain qcore.finance as associated with generic phishing activities. The web page title 'Kiln' does not correspond to any widely recognized service, which may indicate an attempt to deceive users. This classification is based on observed patterns typical of phishing campaigns, though the overall risk level is assessed as low.

Technically, qcore.finance resolves to the IP address 172.67.153.192, which is associated with a content delivery network often used by both legitimate and malicious actors. VirusTotal analysis shows a single security vendor flagging this domain among 95, indicating minimal but notable suspicion. The domain's infrastructure and naming suggest it could be employed for fraudulent financial schemes, requiring vigilance from users.

Currently, qcore.finance remains active and under monitoring by PhishDestroy. While the threat level is low, users are advised to exercise caution and avoid sharing sensitive information on this site. Security teams should consider adding this domain to watchlists and continue observing any changes in its behavior or reputation.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Kiln

## Domain Intelligence
- Registered: 2026-03-09 13:07:02
- IP: 172.67.153.192
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: bjorn.ns.cloudflare.com sasha.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 9 vendors flagged
  Vendors: ["ADMINUSLabs", "Bfore.Ai PreCrime", "CRDF", "CyRadar", "ESET", "Fortinet", "Kaspersky", "SOCRadar", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/wNkGF6LT/673bbacf3860.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1e965d97-c74e-43e0-a24b-088f2e24dfd2
- PhishDestroy: https://phishdestroy.io/domain/qcore.finance/
- LLM endpoint: https://phishdestroy.io/domain/qcore.finance/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/qcore.finance/
Last updated: 2026-03-19