# era-chainlink.xyz — MALICIOUS

> era-chainlink.xyz is a crypto drainer mimicking Chainlink with 5/95 VirusTotal detections. Blocked by SEAL and MetaMask. Avoid interaction immediately.

## Summary
PhishDestroy identifies era-chainlink.xyz as an active crypto drainer impersonating the Chainlink brand, posing an elevated risk to cryptocurrency users. This domain was flagged due to its association with credential theft and asset-draining operations targeting Chainlink users and investors.  era-chainlink.xyz resolves to IP 172.67.199.185 and was registered through Dynadot LLC on November 18, 2025. The domain is flagged by 5 out of 95 security vendors on VirusTotal and appears on 2 security blocklists. Despite using an SSL certificate from Google Trust Services, it has been explicitly blocked by SEAL and MetaMask, indicating strong evidence of malicious intent. The recent creation date and active status suggest this is part of a rapidly deployed campaign targeting users familiar with Chainlink.  The threat level is elevated due to the combination of impersonation, active blocking by security tools, and low detection coverage by mainstream antivirus engines. As a crypto drainer, this domain likely hosts a fraudulent website designed to trick users into connecting their wallets or entering private keys, leading to direct asset theft. Users who interact with this domain risk irreversible financial loss, as cryptocurrency transactions are irreversible and anonymity-preserving.  Technical indicators include the IP address 172.67.199.185, which has been associated with previous phishing campaigns, and the registrar Dynadot LLC, which has been observed in multiple malicious domain registrations. The domain’s SSL certificate from Google Trust Services does not indicate legitimacy, as threat actors frequently abuse trusted issuers to appear authentic. The low VirusTotal detection rate (5/95) highlights the challenge in early detection and underscores the need for proactive threat intelligence.  Mitigation requires immediate action: block the domain era-chainlink.xyz at the network and DNS levels, and warn users to avoid any communication referencing this domain. Cryptocurrency users should verify all URLs manually, use hardware wallets, and enable transaction simulation features where available. Always cross-check domains against official sources and security blocklists before any interaction. Report this domain to relevant platforms (e.g., MetaMask, SEAL) and security communities to aid in rapid takedown and wider dissemination of threat intelligence.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-18 20:54:35
- Registrar: Dynadot LLC
- IP: 172.67.199.185

## Detection Status
- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["SEAL", "MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0a4357a5-7756-4228-aaab-473fa7b47a92
- PhishDestroy: https://phishdestroy.io/domain/era-chainlink.xyz/
- LLM endpoint: https://phishdestroy.io/domain/era-chainlink.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/era-chainlink.xyz/
Last updated: 2026-04-14