# gres-lab.pages.dev — MALICIOUS

> gres-lab.pages.dev was flagged for phishing and is now offline. Learn about its threat profile and what steps to take to stay protected.

## Summary
PhishDestroy identifies gres-lab.pages.dev as a high-risk generic phishing domain that posed a significant threat to users by attempting to deceive victims into divulging sensitive information. The domain’s malicious intent is underscored by its classification on a security blocklist and detection by multiple security vendors, highlighting the potential for credential theft or fraud.

The domain was registered recently on February 21, 2026, through Cloudflare, Inc., and resolved to the IP address 188.114.97.3. It was hosted on Cloudflare’s infrastructure and presented a page titled "Suspected phishing site | Cloudflare" before being taken offline. The fact that 14 out of 95 VirusTotal scanners flagged the domain supports its malicious nature, and its inclusion in at least one security blocklist further confirms the risk it posed.

Users are strongly advised to avoid interacting with this domain and remain vigilant against similar phishing attempts. Organizations should ensure their security defenses are updated to block access to this domain and educate users about the dangers of phishing links. Since the domain is now offline, the immediate risk has been mitigated, but continuous monitoring for related threats remains essential to prevent future attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Page title: Suspected phishing site | Cloudflare

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["sue.ns.cloudflare.com", "ram.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "Criminal IP", "alphaMountain.ai", "Bfore.Ai PreCrime", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Sophos", "VIPRE"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019c2d26-8e79-7188-a45d-3a3b6d75b27b.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/88f4d426-792d-47f5-aa2d-6d18bfee98eb
- PhishDestroy: https://phishdestroy.io/domain/gres-lab.pages.dev/
- LLM endpoint: https://phishdestroy.io/domain/gres-lab.pages.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/gres-lab.pages.dev/
Last updated: 2026-03-19