# eigenlayer-checker.web.app — SUSPICIOUS > eigenlayer-checker.web.app mimics EigenLayer's brand to steal credentials. VT shows 0/95 detections—act now to block this impersonation site. ## Summary PhishDestroy identifies eigenlayer-checker.web.app as an ACTIVE brand impersonation threat under investigation. This domain, registered via Google LLC and resolving to IP 199.36.158.100, masquerades as an EigenLayer Airdrop Checker to harvest user credentials. The page title intentionally duplicates EigenLayer’s branding, creating a high-confidence deception mechanism targeting crypto investors familiar with the protocol. This domain exhibits multiple red flags despite low immediate detection. VirusTotal reports 0/95 security engines flagging the page, underscoring the sophistication of the impersonation. Infrastructure analysis reveals a Google Trust Services SSL certificate—often leveraged to bypass browser warnings—paired with a Google LLC registrar to feign legitimacy. The appspot subdomain (web.app) is a known staging ground for spoofed services, though the current use of a Google-controlled TLD may delay takedown efforts. No historical blocklist entries were detected at time of analysis, indicating this threat is newly emergent and actively evolving. Mitigation requires immediate user-awareness and network-level actions. Users should treat any airdrop-related EigenLayer checker outside of the official eigenlayer.org domain as HIGH RISK. Block traffic to 199.36.158.100 at gateway/firewall levels, and flag the SSL certificate issuer Google Trust Services (CN=GTS CA 1C3) in corporate TLS inspection policies. Organizations should deploy browser extensions blocking web.app subdomains using pattern-matching rules. For crypto users, verify any airdrop link via EigenLayer’s official Twitter or Discord channels—never via search engines or third-party aggregators. This threat exploits time-sensitive FOMO in crypto communities; rapid response is critical to prevent credential harvesting and fund theft. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: EigenLayer - Page title: EigenLayer Airdrop Checker ## Domain Intelligence - Registrar: Google LLC - IP: 199.36.158.100 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/eigenlayer-checker.web.app - PhishDestroy: https://phishdestroy.io/domain/eigenlayer-checker.web.app/ - LLM endpoint: https://phishdestroy.io/domain/eigenlayer-checker.web.app/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/eigenlayer-checker.web.app/ Last updated: 2026-04-10