# ulgroup.dsjdemo.cloud — SUSPICIOUS

> ulgroup.dsjdemo.cloud acts as a crypto drainer with 0/95 VirusTotal detections. Block this domain immediately to protect assets from credential theft.

## Summary

PhishDestroy identifies ulgroup.dsjdemo.cloud as a crypto-draining phishing domain under active investigation. This domain masquerades as a legitimate platform to trick users into connecting crypto wallets, enabling unauthorized fund transfers. The threat is isolated to cryptocurrency theft rather than general credential harvesting or brand impersonation.

This domain was flagged with 0 detections out of 95 on VirusTotal at the time of reporting, indicating it has evaded current antivirus signatures. It resolves to IP 107.189.20.227 via NameSilo, LLC, and was created on March 09, 2026. Given the zero detection rate and recent registration, it poses a high-risk window for exploitation before signature updates occur.

To mitigate exposure to this crypto drainer, users should avoid visiting ulgroup.dsjdemo.cloud entirely. Block the domain at the network firewall or DNS level using its exact FQDN. Users who may have already connected a wallet should revoke any unauthorized permissions immediately via their wallet interface and consider transferring remaining assets to a new, secure address. Monitor connected apps and use real-time transaction alerts to detect any anomalous transfers.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-09 17:17:43
- Registrar: NameSilo, LLC
- IP: 107.189.20.227

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/912b67b4-bb4d-43ee-8c62-43d5c036ade8
- PhishDestroy: https://phishdestroy.io/domain/ulgroup.dsjdemo.cloud/
- LLM endpoint: https://phishdestroy.io/domain/ulgroup.dsjdemo.cloud/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/ulgroup.dsjdemo.cloud/

Last updated: 2026-03-22