www.magicaljellybean.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain www.magicaljellybean.com is registered by proxy through GODADDY.COM, LLC and was originally registered in August of 2001. Currently this domain has been known to host various forms of malware. The hosted servers are located in Salem, Oregon within the United States which resides on the Liquid Web, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Oregon, United States (US)

Create date:
Sunday, August 26, 2001

Expires date:
Thursday, February 02, 2017

Updated date:
Sunday, November 08, 2015

ASN:
AS32244 LIQUID-WEB-INC - Liquid Web, Inc.

Scanner detections:
Malware distribution  (59% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Optional.Installer, Win32.Generic.Installer.Meta, Win32.Generic.ONEUP.Installer.Meta, PUP.OpenCandy.Installer (L)
79.17%

Norman
Suspicious_Gen4.JQRH, Win32.Sality.3, Win32.Neshta.A
25.00%

avast!
Win32:SaliCode, Win32:PUP-gen [PUP], Win32:Apanas [Trj]
20.83%

ESET NOD32
Win32/Sality.NBA virus, Win32/OpenCandy.A potentially unsafe application, Win32/Neshta.A virus
20.83%

Trend Micro House Call
HKTL_KEYFINDER, Suspicious_GEN.F47V1104, Suspicious_GEN.F47V0122
12.50%

ESET NOD32
Win32/OpenCandy, Win32/OpenCandy (variant)
12.50%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4721115, Threat.4276445
12.50%

McAfee
Artemis!9345E3D8D107, Virus.W32/Sality.gen.z
12.50%

AVG
OpenCandy, Win32/Sality
12.50%

Microsoft Security Essentials
Threat.Undefined
12.50%

Sophos
OpenCandy, Virus 'Mal/Sality-D'
8.33%

Dr.Web
Win32.Sector.30
8.33%

F-Prot
W32/Sality.gen2
8.33%

Kaspersky
Virus.Win32.Sality
8.33%

Emsisoft Anti-Malware
Win32.Sality, Win32.Neshta
8.33%

The domain www.magicaljellybean.com has been seen to resolve to the following 2 IP addresses.

recover-keys.com
December 27, 2013

August 4, 2013

File downloads found at URLs served by www.magicaljellybean.com.

0 / 68

1 / 68      (Malware)

8 / 68      (Malware)

8 / 68      (PUP)

0 / 68
https://www.magicaljellybean.com/.../keyfinder.zip  (9f56467fc4155957bc5d8d8b03be8434)

The following file have been seen to comunicate with www.magicaljellybean.com in live environments.

URL:
http://www.magicaljellybean.com/

Google Analytics:
UA-1298700

Title:
“Magical Jelly Bean”

Description:
“Magical Jelly Bean homepage. Homepage of MJB KeyFinder, PasswdFinder and WiFi password releaver/finder.”

SSL certificate subject:
CN=magicaljellybean.com, OU=Domain Control Validated

SSL certificate issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc."

Web server:
Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 (PHP/5.2.17)

Facebook:
Likes:  9
Shares:  21
Comments:  27

Statistics are for the previous month.