# jellybeanmeme.com — SUSPICIOUS

> Beware of jellybeanmeme.com, an active low-risk phishing domain. Avoid sharing sensitive info and verify site legitimacy before interacting.

## Summary
PhishDestroy identifies jellybeanmeme.com as an active phishing domain categorized under generic phishing. The domain was registered on February 27, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED. Its classification as phishing is based on behavioral patterns typical to credential or data harvesting sites, though it currently presents a low risk level.

The domain resolves to IP address 104.21.59.33, which is part of a cloud-hosted infrastructure commonly used to host phishing pages due to ease of setup and anonymity. VirusTotal reports that only 1 out of 95 security engines flagged the domain, indicating minimal detection so far. The combination of recent creation date and low detection suggests the infrastructure is still under evaluation by security tools. The registrar and hosting details align with common setups seen in phishing campaigns aiming to evade early detection.

At present, jellybeanmeme.com remains active and categorized as low-risk phishing. Users are advised to avoid providing any personal or financial information to this domain. PhishDestroy recommends monitoring the domain for future indicator updates and encourages network defenders to consider blocking it as a precaution. Continued vigilance is warranted given its recent creation and the ongoing potential for malicious activity.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Page title: JELLYBEAN

## Domain Intelligence
- Registered: 2026-03-06 15:07:01
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 104.21.59.33
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: clara.ns.cloudflare.com tom.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: ["Fortinet"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://i.ibb.co/1ffBbLDr/f1284f66d4f5.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/jellybeanmeme.com
- Wayback Machine: https://web.archive.org/web/https://jellybeanmeme.com
- PhishDestroy: https://phishdestroy.io/domain/jellybeanmeme.com/
- LLM endpoint: https://phishdestroy.io/domain/jellybeanmeme.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/jellybeanmeme.com/
Last updated: 2026-03-19