The domain www.magicaljellybean.com is registered by proxy through GODADDY.COM, LLC and was originally registered in August of 2001. Currently this domain has been known to host various forms of malware. The hosted servers are located in Salem, Oregon within the United States which resides on the Liquid Web, Inc. network.
Oregon, United States (US)
Sunday, August 26, 2001
Thursday, February 02, 2017
Sunday, November 08, 2015
AS32244 LIQUID-WEB-INC - Liquid Web, Inc.
Malware distribution (59% detected)
PUP.Optional.Installer, Win32.Generic.Installer.Meta, Win32.Generic.ONEUP.Installer.Meta, PUP.OpenCandy.Installer (L)
Suspicious_Gen4.JQRH, Win32.Sality.3, Win32.Neshta.A
Win32:SaliCode, Win32:PUP-gen [PUP], Win32:Apanas [Trj]
Win32/Sality.NBA virus, Win32/OpenCandy.A potentially unsafe application, Win32/Neshta.A virus
Trend Micro House Call
HKTL_KEYFINDER, Suspicious_GEN.F47V1104, Suspicious_GEN.F47V0122
Win32/OpenCandy, Win32/OpenCandy (variant)
Trojan.Win32.Generic, Threat.4721115, Threat.4276445
Microsoft Security Essentials
OpenCandy, Virus 'Mal/Sality-D'
The domain www.magicaljellybean.com has been seen to resolve to the following 2 IP addresses.
December 27, 2013
File downloads found at URLs served by www.magicaljellybean.com.
The following file have been seen to comunicate with www.magicaljellybean.com in live environments.
“Magical Jelly Bean”
“Magical Jelly Bean homepage. Homepage of MJB KeyFinder, PasswdFinder and WiFi password releaver/finder.”
SSL certificate subject:
CN=magicaljellybean.com, OU=Domain Control Validated
SSL certificate issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc."
Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 (PHP/5.2.17)
Statistics are for the previous month.