# learn-eigen.gitbook.io — SUSPICIOUS > learn-eigen.gitbook.io hosts a live credential harvesting phishing page mimicking EigenLayer. Users who enter credentials risk account takeover. ## Summary PhishDestroy identifies an active credential harvesting campaign hosted at learn-eigen.gitbook.io, a domain masquerading as the legitimate EigenLayer platform to deceive users into surrendering login credentials. This phishing site is engineered to capture and exfiltrate user-provided credentials, granting threat actors unauthorized access to victims’ accounts and wallets. The domain leverages the trusted GitBook.io subdomain structure to evade detection while presenting a convincing replica of the target brand’s interface. Threat actors frequently select GitBook.io for hosting due to its association with documentation platforms, creating an illusion of legitimacy that lowers user suspicion and increases the likelihood of successful compromise. This domain was flagged after resolving to IP address 172.64.147.209 and was registered through Cloudflare, Inc., with a creation date of March 30, 2014. As of this investigation, the domain remains undetected by VirusTotal scanning engines, registering 0 out of 95 detections, indicating a low current blocklist presence. The use of a Google Trust Services SSL certificate further enhances the appearance of authenticity, making it difficult for users and automated detection systems to identify the threat without behavioral or content-level analysis. The discrepancy between the domain’s age (2014) and the recent nature of the campaign suggests potential abuse of a legitimate but compromised subdomain or a deliberate attempt to exploit long-standing domain trust. Users who have visited learn-eigen.gitbook.io should immediately cease any interaction with the site and treat their credentials as compromised. If you entered sensitive information, reset your password using a clean device and enable multi-factor authentication immediately. Monitor accounts for unauthorized transactions or access attempts, and report any suspicious activity to your organization’s security team or platform provider. Avoid clicking links in unsolicited messages and verify any unexpected requests for credentials by contacting the service directly through official channels. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2014-03-30 06:09:09 - Registrar: Cloudflare, Inc - IP: 172.64.147.209 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/learn-eigen.gitbook.io - PhishDestroy: https://phishdestroy.io/domain/learn-eigen.gitbook.io/ - LLM endpoint: https://phishdestroy.io/domain/learn-eigen.gitbook.io/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/learn-eigen.gitbook.io/ Last updated: 2026-04-10