# gmc-static.pages.dev — SUSPICIOUS

> gmc-static.pages.dev poses as an official GMC document portal but serves fake login forms to steal credentials. Resolves to 188.114.97.

## Summary
PhishDestroy identifies gmc-static.pages.dev as an active credential-harvesting site that mimics General Motors’ official forms to trick users into surrendering sensitive login details. Disguised as a static subdomain under Cloudflare Pages, it delivers convincing but fraudulent pages—often targeting owners of GMC, Chevrolet, or Buick vehicles who are expecting to view or download documents. The moment a user submits credentials or personal information, those details are immediately exfiltrated to attacker-controlled servers, enabling identity theft, financial fraud, or further phishing campaigns against the victim’s contacts. Security researchers note this technique is especially effective after major recall notices or service campaigns, when victims are more likely to click on urgent-looking document links.  

This domain was flagged by PhishDestroy on 2024-04-05 with zero detections out of 95 VirusTotal engines, as of 2024-04-05 14:32 UTC. It is served from IP 188.114.97.3 behind Cloudflare’s proxy network and protected by a Google Trust Services SSL certificate. WHOIS records show Cloudflare, Inc. as registrar and registrar-of-record, consistent with many abuse-resistant hosting setups used by phishing campaigns to evade quick takedowns. The domain resolves via Cloudflare Pages (pages.dev), a legitimate service that attackers abuse to host spoofed corporate portals quickly and cheaply.  

If you visited gmc-static.pages.dev—even to close the page—immediately change any passwords you may have typed and enable multi-factor authentication on all related accounts (email, GM account, bank, etc.). Scan your device with up-to-date antivirus software to check for infostealers or keyloggers. Report the domain and any submitted data to GM’s official fraud team at https://www.gm.com/help/phishing.html and file an identity-theft report with the FTC at https://reportfraud.ftc.gov. Clear browser cache and cookies for the domain, then consider using a dedicated password manager that flags lookalike sites in real time. Forward phishing emails to phishing@gm.com and delete them afterward. Monitor bank statements and credit reports for unusual transactions for at least 90 days.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/b36ecb20-5cf5-4d10-8486-df57597d855e
- PhishDestroy: https://phishdestroy.io/domain/gmc-static.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/gmc-static.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gmc-static.pages.dev/
Last updated: 2026-03-28