# haedal.stakingrewards.biz — MALICIOUS

> haedal.stakingrewards.biz is a high-risk phishing domain targeting users with fake Google pages. Stay vigilant and avoid interaction.

## Summary
PhishDestroy identifies haedal.stakingrewards.biz as an active phishing domain designed to deceive users by mimicking legitimate Google login pages. This campaign poses a significant threat due to its high-risk classification and intent to harvest sensitive user credentials.

The domain was registered recently on February 21, 2026, and resolves to the IP address 172.253.62.99. It appears on three major security blocklists and has been flagged by 15 out of 95 VirusTotal security vendors, indicating a broad detection across multiple threat intelligence sources. The use of a seemingly legitimate page title "Google" is intended to increase the likelihood of user trust and successful credential theft.

Currently, haedal.stakingrewards.biz remains active and accessible, making it a persistent threat. Users are strongly advised to avoid clicking links associated with this domain, verify URLs carefully before entering credentials, and report suspicious activity to their security teams. Organizations should update their phishing filters to block this domain and conduct awareness training to mitigate risk.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: Google

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 172.253.62.99
- SSL Issuer: WR2

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "BitDefender", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bb7b7-0966-7089-b572-db56d83abcbc.png
- PhishDestroy: https://phishdestroy.io/domain/haedal.stakingrewards.biz/
- LLM endpoint: https://phishdestroy.io/domain/haedal.stakingrewards.biz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/haedal.stakingrewards.biz/
Last updated: 2026-03-19