# eigenlayer-1006.leec64443.workers.dev — SUSPICIOUS

> eigenlayer-1006.leec64443.workers.dev is a crypto drainer impersonating EigenLayer. Flagged by 0 of 95 VirusTotal vendors, verify safety on PhishDestroy.

## Summary
PhishDestroy identifies eigenlayer-1006.leec64443.workers.dev as an active brand impersonation campaign targeting EigenLayer users. This Workers.dev subdomain is currently distributing a cryptocurrency drainer disguised as an official EigenLayer interface. The threat remains under investigation but exhibits active propagation vectors.


This domain was flagged by 0 of 95 VirusTotal vendors as of the latest scan, indicating it has not yet been widely blacklisted despite its malicious nature. It is registered through Cloudflare, Inc. and resolves to IP 188.114.96.3. The domain leverages a Google Trust Services SSL certificate to enhance credibility. Current threat intelligence shows no entries in major blocklists, though its impersonation tactics and infrastructure align with known crypto-draining campaigns.


Users encountering this domain should treat all interactions as high-risk. The infrastructure’s use of Workers.dev and Cloudflare suggests evasion tactics common in modern phishing campaigns. PhishDestroy recommends immediate domain blocking, avoiding all links or downloads associated with this subdomain, and verifying EigenLayer communications through official channels only.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: EigenLayer

## Domain Intelligence
- Registrar: Cloudflare, Inc.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/eigenlayer-1006.leec64443.workers.dev
- PhishDestroy: https://phishdestroy.io/domain/eigenlayer-1006.leec64443.workers.dev/
- LLM endpoint: https://phishdestroy.io/domain/eigenlayer-1006.leec64443.workers.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/eigenlayer-1006.leec64443.workers.dev/
Last updated: 2026-04-10