# www.coremesh.top — SUSPICIOUS

> Explore the low-risk phishing domain coremesh.top, its infrastructure, and current offline status. Stay informed with PhishDestroy insights.

## Summary
PhishDestroy identifies www.coremesh.top as a generic phishing domain with low risk based on available intelligence. The domain was registered recently on March 12, 2026, through Dominet (HK) Limited, indicating a relatively new threat actor setup. It was flagged primarily due to its phishing classification and appearance on one security blocklist, despite minimal detection by mainstream antivirus vendors.

Technical indicators include the domain resolving to the IP address 104.21.52.88 and a page title matching "Attention Required! | Cloudflare," suggesting usage of Cloudflare’s protection services to obscure real hosting. VirusTotal flagged only 1 out of 95 security vendors, signaling limited but notable suspicion. The combination of a new domain registration and blocklist presence supports cautious monitoring.

Currently, www.coremesh.top is offline, reducing immediate threat exposure. PhishDestroy notes that the domain’s offline status and low-risk classification imply effective takedown or abandonment by the operators. Users and researchers should remain vigilant for potential reactivation or similar infrastructure reuse by related phishing campaigns.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: Attention Required! | Cloudflare

## Domain Intelligence
- Registered: 2026-03-12 17:07:01
- Registrar: Dominet (HK) Limited
- Country: HK
- IP: 104.21.52.88
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: elinore.ns.cloudflare.com javier.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: ["SOCRadar"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://i.ibb.co/TDzm75dD/4a4ae779624a.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/c20a2fc0-ef8d-45d3-b4c1-8fa1a9b72a82
- PhishDestroy: https://phishdestroy.io/domain/www.coremesh.top/
- LLM endpoint: https://phishdestroy.io/domain/www.coremesh.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/www.coremesh.top/
Last updated: 2026-03-19