# sacwarex.pages.dev — SUSPICIOUS > sacwarex.pages.dev hosts a crypto drainer impersonating SacWallet—flagged by 0 of 95 VirusTotal vendors. Avoid and report immediately. ## Summary PhishDestroy identifies sacwarex.pages.dev as a live crypto drainer scam currently active and under investigation. This domain impersonates SacWallet to siphon cryptocurrency from victims’ wallets. Flagged by 0 of 95 VirusTotal vendors, the site operates from the IP address 172.66.47.150 and is registered through Cloudflare, Inc. The SSL certificate is issued by Google Trust Services, lending superficial legitimacy while concealing malicious infrastructure. Historical records show this domain was created within the past 30 days and has not yet been enrolled on major threat blocklists, indicating an emerging campaign. Given the absence of vendor detections and the domain’s recent registration, sacwarex.pages.dev represents a high-risk threat to cryptocurrency users. Threat analysis reveals indicators consistent with wallet-draining JavaScript payloads, leveraging brand trust to trick users into connecting malicious wallets. The Cloudflare shield hides origin servers and complicates takedown efforts. Risk assessment places this domain in the high-severity tier due to the potential for irreversible financial loss. Users are strongly advised to block sacwarex.pages.dev via DNS or network filters and avoid any connection to SacWallet-branded services outside official domains. Report the domain to your antivirus vendor, wallet provider, and threat intelligence platforms such as VirusTotal using the seed 324d79 for tracking. If you suspect interaction, revoke wallet permissions immediately and transfer remaining assets to a cold wallet. Monitor transaction logs for suspicious outflows and consider deploying a real-time transaction alert service. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.47.150 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d3cffc8b-40e6-4ad9-81a7-9fe5873e214d - PhishDestroy: https://phishdestroy.io/domain/sacwarex.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/sacwarex.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/sacwarex.pages.dev/ Last updated: 2026-03-22