ScanMalware.com

Security Scan Report: c4.qbo.intuit.com

Redirected to:
https://accounts.intuit.com/app/sign-in?app_group=QBO&asset_alias=Intu...
Site favicon
Submitted: May 12, 2026, 8:34:34 AMCompleted: May 12, 2026, 8:36:17 AMpubliccompleted
Loading additional data...

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 64 HTTP transactions. The main domain is accounts.intuit.com and was registered NaN years ago.

Submitted URL: https://c4.qbo.intuit.com

Effective URL: https://accounts.intuit.com/app/sign-in?app_group=QBO&asset_alias=Intuit.accounting.core.qbowebapp&app_environment=prod&iux_redirect_reason=UNAUTHENTICATEDRedirected

The Cisco Umbrella rank of the primary domain is #4,139 of the top 1 million websitesTop 10K Site

AI Security Verdict

High Risk

Confidence: 92%

8
Risk Score

The site appears to be a compromised legitimate QuickBooks subdomain serving malware (C2/beacon) – avoid interaction and report.

Risk Factors
Critical IDS alerts indicating malware C2 and data exfiltration
High JavaScript obfuscation and dynamic code execution
Large number of eval() and Function() calls
Presence of base64 and unescape manipulations in JS
Domain age information unavailable

Details

Page Title

QuickBooks Online Login: Sign in to Access Your QuickBooks Account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

technology software

(87%)

Domain Information

Within the commercial generic top-level domain (.com), 'c4.qbo.intuit.com' is registered, featuring subdomain 'c4.qbo'. Count 6 characters in 'intuit' split between 3 vowels and three consonants. Word splitting yields one word: intuit. Median word length is 6 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://c4.qbo.intuit.com

Page Load Overview

6.49s
Total Load Time
468
HTTP Requests
18
Domains
4.3 MB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:721 chars
Detector Agreement:100%

Website Classification

Primary Category

technology software87% confidence
Type: spa
Method: ml+structural

All Detected Categories

technology software
87%
corporate business
29%
government public service
26%
social_media
25%
corporate
25%

Detected Features

Login Form
OG: website

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
7218.172.112.7United States
AS16509Amazon.com, Inc.
663.131.138.77Columbus, Ohio, United States
AS16509Amazon.com, Inc.
663.12.202.106Columbus, Ohio, United States
AS16509Amazon.com, Inc.
6616.58.125.165Columbus, Ohio, United States
AS16509Amazon.com, Inc.
6623.45.236.62Frankfurt am Main, Hesse, Germany
AS16625Akamai Technologies, Inc.
6644.225.42.205Boardman, Oregon, United States
AS16509Amazon.com, Inc.
6623.56.206.140Frankfurt am Main, Hesse, Germany
AS16625Akamai Technologies, Inc.
4687--

Detected Technologies3

Open-Graph-Protocolvwebsite
100%
HSTS
40%
RequireJS
20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1B9F32BE69228483B4B520BEDA435B906E37975DDC9C0C8C4B6DDD11F53EBCB91332A29

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

3072:s4Ds66U/CX9xtTlBgsPgxggHgfgHgiH1xd7GTj:DDsfU/CtflbAjLs

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:166552:DpMHAIKGMUCEQBARBSCFiIVYFRAiIIICEBwBJwUYbThahQhAC3QZIgMxmbBjEp8gysI1V24QNzAyBwAEDWCCCIFoIopAABGL

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffffffffffe781
Perceptual Hash:e6996699629479c6
Difference Hash:000000000000080f
Wavelet Hash:0f0f0f0f0f0fe781
Color Hash:#c587c1

Other Hashes

Crop Resistant:000000000000080f

Scan History

Scan history not available

Unable to load historical scan data