# demoanondrain.com — SUSPICIOUS

> demoanondrain.com is a live crypto drainer impersonating AnonDrain with 1/95 VirusTotal detections. Block it now to protect wallets.

## Summary
PhishDestroy identifies demoanondrain.com as an active crypto-draining phishing domain operating under the guise of the AnonDrain toolset. This domain serves as a facade for a browser-based crypto drainer kit designed to siphon funds from victims' cryptocurrency wallets during transaction signing. The kit is deployed through a spoofed AnonDrain landing page that mimics the legitimate project’s branding to lower user suspicion. Technical telemetry suggests the drainer is configured to target wallet extensions commonly used on Ethereum and EVM-compatible chains, supporting the hypothesis that this is a deceptive clone rather than a legitimate tool.


This domain was flagged on 1 security blocklist, including detection by ScamSniffer, and carries a VirusTotal detection score of 1 out of 95 security vendors as of July 19, 2025. It was registered through HOSTINGER operations, UAB, on July 17, 2025, and resolves to IP address 46.202.145.163. The domain holds a valid Let’s Encrypt SSL certificate, which increases its credibility while masking malicious intent. Despite being newly active, the presence of a drainer kit and active campaign status elevates the risk profile significantly.


demoanondrain.com remains active and poses an elevated threat to cryptocurrency users. Immediate actions include blocking the domain and IP at the network perimeter and flagging it in community databases. Users are advised to verify all download links and URLs through official channels before interacting. The current risk level remains elevated due to the live drainer deployment and low detection coverage, warranting heightened vigilance within crypto communities.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-07-17 17:26:24
- Registrar: HOSTINGER operations, UAB
- IP: 46.202.145.163

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/bee518da-cdcc-4753-aa68-839fb56c2cf9
- PhishDestroy: https://phishdestroy.io/domain/demoanondrain.com/
- LLM endpoint: https://phishdestroy.io/domain/demoanondrain.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/demoanondrain.com/
Last updated: 2026-03-27