# thejellybeans.fun — SUSPICIOUS

> Thejellybeans.fun is flagged as a credential theft domain. VirusTotal shows a 0/95 score. Exercise extreme caution and avoid entering any information.

## Summary
PhishDestroy has identified the domain thejellybeans.fun as an active credential theft threat. This domain is currently being used in phishing campaigns designed to steal sensitive user credentials.  
The technical analysis reveals the following indicators: thejellybeans.fun currently resolves to IP address 188.114.96.3. As of the latest scan, VirusTotal reports a detection ratio of 0/95. The domain was registered through Atak Domain Bilgi Teknolojileri A.Ş. on March 17, 2026. It uses an SSL certificate issued by Let's Encrypt.  
Currently, the domain thejellybeans.fun is active and presents an ongoing risk. Users are advised to avoid interacting with this domain or any communications that direct them to it. Further investigation is underway to determine the full scope of the phishing campaign and implement appropriate countermeasures. Vigilance is advised.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-17 12:16:34
- Registrar: Atak Domain Bilgi Teknolojileri A.Ş.
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/1d09fb5d-46af-4f16-87a6-ff810310c3b8
- PhishDestroy: https://phishdestroy.io/domain/thejellybeans.fun/
- LLM endpoint: https://phishdestroy.io/domain/thejellybeans.fun/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/thejellybeans.fun/
Last updated: 2026-03-24