# universalbm.info — MALICIOUS

> Beware: universalbm.info is a crypto drainer stealing credentials. Flagged by 8/95 VirusTotal scanners, it impersonates legitimate services to trick users.

## Summary

PhishDestroy identifies universalbm.info as an active crypto drainer domain designed to steal cryptocurrency through deceptive login pages. This domain was flagged by Google Safe Browsing under the SOCIAL_ENGINEERING category, indicating deliberate attempts to manipulate users into revealing sensitive information. The domain resolves to IP address 188.114.97.3 and uses a Let's Encrypt SSL certificate to appear legitimate, tricking users into believing the site is secure.

This domain poses a significantly elevated risk due to its malicious intent and active status. Evidence supporting this threat includes VirusTotal detection by 8 out of 95 security vendors, registration through NICENIC INTERNATIONAL GROUP CO., LIMITED, and a domain creation date of March 19, 2026, far in the future, a tactic sometimes used to mask early malicious activities. Additionally, the domain's recent registration and active deployment suggest it is part of a rapidly evolving campaign to target unsuspecting users.

If you have visited universalbm.info, immediately cease all interactions with the site and revoke any permissions or connections made while on the page. Users should also scan their devices for malware and review their cryptocurrency wallets for unauthorized transactions. PhishDestroy recommends verifying the legitimacy of any unexpected or suspicious links through its platform before proceeding. Always cross-reference domains with known legitimate sources and avoid entering sensitive information on untrusted sites.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-19 14:36:10
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 8 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/0e82e37c-f66a-415c-b5fb-143ccf2674d3
- PhishDestroy: https://phishdestroy.io/domain/universalbm.info/
- LLM endpoint: https://phishdestroy.io/domain/universalbm.info/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/universalbm.info/

Last updated: 2026-03-23