# sadexy.com — SUSPICIOUS > PhishDestroy flags sadexy.com as a crypto drainer impersonating popular exchanges. Domain created March 15, only 2/95 VirusTotal detections; verify via. ## Summary sadexy.com presents an elevated risk as an active crypto drainer designed to siphon cryptocurrency assets from unwitting visitors. This domain lures users by impersonating legitimate crypto platforms and triggers wallet-draining scripts upon interaction. PhishDestroy’s automated analysis has confirmed malicious JavaScript payloads consistent with on-chain exploit kits, making this site especially hazardous for anyone connecting a cryptocurrency wallet. PhishDestroy’s assessment leverages multiple confirmed indicators: the domain was first registered on March 15, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED, resolving to IP 104.21.5.121 under a Let’s Encrypt SSL certificate. VirusTotal reports only 2 out of 95 participating security vendors currently flag sadexy.com, reflecting low coverage by automated scanners despite clear malicious code execution during sandboxed visits. Independent blocklist queries show no formal listing yet, while domain trust scores trend near zero due to the recent creation date and lack of legitimate content. WHOIS records also reveal additional red flags such as WHOIS privacy shielding and a registrant country inconsistent with advertised services, reinforcing the likelihood of intentional deception. Mitigation for users exposed to sadexy.com involves immediate wallet disconnection and transaction monitoring, as injected drainer scripts can execute transfers without explicit approval. Never enter seed phrases, private keys or connect wallets on any site reaching via suspicious redirects to sadexy.com. Before interacting with crypto platforms, verify the exact domain through PhishDestroy’s real-time checker and cross-reference against official exchange URLs. If funds are drained, report the incident to local cybercrime units and file an on-chain report with platforms like Etherscan’s phishing tool. Maintain segregated watch-only wallets for public interactions to limit exposure and consider hardware wallets with transaction confirmation screens for maximum security against silent drainers like those hosted at sadexy.com. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-15 13:39:37 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 104.21.5.121 ## Detection Status - VirusTotal: 2 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/7b502426-3818-4531-a12c-440ebea30182 - PhishDestroy: https://phishdestroy.io/domain/sadexy.com/ - LLM endpoint: https://phishdestroy.io/domain/sadexy.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/sadexy.com/ Last updated: 2026-03-23