# plume.stakingsreward.art — MALICIOUS > Avoid plume.stakingsreward.art—an active high-risk phishing domain mimicking Google. Stay vigilant and do not enter sensitive info. ## Summary PhishDestroy identifies plume.stakingsreward.art as a high-risk generic phishing domain designed to impersonate legitimate Google services. The domain is actively used to deceive users into divulging sensitive credentials or personal information by mimicking trusted brand elements, posing significant security threats to unsuspecting victims. Attackers leverage the perceived trustworthiness of Google to increase the success rate of their phishing campaigns. Technically, plume.stakingsreward.art was registered recently on February 21, 2026, indicating it is part of ongoing threat actor operations. It resolves to the IP address 142.251.141.68, which requires further investigation to determine hosting relationships. VirusTotal detects this domain as malicious with 13 out of 95 security vendors flagging it for phishing activities. Additionally, it appears on two independent security blocklists, confirming consensus on its malicious nature. The webpage title is deceptively labeled "Google" to lure victims into a false sense of security. Currently, plume.stakingsreward.art remains active and continues to pose a substantial phishing risk. PhishDestroy strongly recommends that users avoid this domain entirely and maintain heightened vigilance around unsolicited links referencing staking rewards or cryptocurrency themes. Organizations should update their blocklists and employ email filtering to mitigate exposure. Security teams are advised to monitor related indicators of compromise and educate users on recognizing such deceptive webpages using brand impersonation tactics. ## Threat Details - Verdict: MALICIOUS - Site status: alive (HTTP 530) - Page title: Google ## Domain Intelligence - Registered: 2026-02-21 07:01:08 - IP: 142.251.141.68 - SSL Issuer: WE2 ## Detection Status - VirusTotal: 13 vendors flagged Vendors: ["ADMINUSLabs", "ChainPatrol", "BitDefender", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "SOCRadar", "Sophos", "Webroot"] - Google Safe Browsing: clean - Blocklists: 2 hits Lists: ["PhishDestroy", "MetaMask"] ## Evidence - Screenshot: https://urlscan.io/screenshots/019ba958-57f2-7101-909f-9ec495b4d60d.png - PhishDestroy: https://phishdestroy.io/domain/plume.stakingsreward.art/ - LLM endpoint: https://phishdestroy.io/domain/plume.stakingsreward.art/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/plume.stakingsreward.art/ Last updated: 2026-03-19