79.170.44.92 Open in urlscan Pro
79.170.44.92 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm
Submission: On May 14 via automatic, source phishtank (May 14th 2019, 9:49:33 pm UTC)

Summary HTTP 11 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 1 domains to perform 11 HTTP transactions. The main IP is 79.170.44.92, located in United Kingdom and belongs to GODADDY, DE. The main domain is 79.170.44.92.

This is the only time 79.170.44.92 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Intuit (Financial)

Domain & IP information

	IP Address	AS Autonomous System
9	79.170.44.92 79.170.44.92	20773 (GODADDY) (GODADDY)
1	2.16.186.83 2.16.186.83	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	66.231.94.105 66.231.94.105	22606 (EXACT-7) (EXACT-7 - ExactTarget)
11	3

9 79.170.44.92 (United Kingdom)

ASN20773 (GODADDY, DE)
PTR: web92.extendcp.co.uk

79.170.44.92	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.83 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-83.deploy.static.akamaitechnologies.com

image.payrollservices.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.231.94.105 (United States)

ASN22606 (EXACT-7 - ExactTarget, Inc., US)
PTR: click.virt.s4.exacttarget.com

click.payrollservices.intuit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	intuit.com image.payrollservices.intuit.com click.payrollservices.intuit.com	4 KB
11	1

	Domain	Requested by
1	click.payrollservices.intuit.com	79.170.44.92
1	image.payrollservices.intuit.com	79.170.44.92
11	2

This site contains links to these domains. Also see Links.

Domain
click.payrollservices.intuit.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm
Frame ID: 48FD736942D924EEB87BCA493AEF5819
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Prototype (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

env /^Prototype$/i

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

3
Countries

569 kB
Transfer

566 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://click.payrollservices.intuit.com/?qs=33624ad25e3da10db6f4f62847c273469596513565cd2841c398a0eec208ca23df0b70573cefd00ad3ef205340e6495cae2f2556773541d8
Title: http://oe.quickbooks.com/support/answers.cfm?cat_id=6

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request message.htm Show response 79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/	14 KB 14 KB	428ms 212ms	Document text/html	79.170.44.92 GODADDY
General Check archive.org Show headers Download Go to Full URL http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 79.170.44.92 , United Kingdom, ASN20773 (GODADDY, DE), Reverse DNS web92.extendcp.co.uk Software Apache/2.4.39 (Unix) / Resource Hash `b33ec69349604192b3c53a2545cad468e5de586b4b3ea2b915668e6af9bbf3e9` Request headers Host 79.170.44.92 Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:16 GMT Server Apache/2.4.39 (Unix) Last-Modified Mon, 13 May 2019 09:25:51 GMT ETag "36f2-588c180a1fa08" Accept-Ranges bytes Content-Length 14066 Content-Type text/html
GET H/1.1	200 OK	theme.css 79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/	20 KB 21 KB	424ms 220ms	Stylesheet text/css	79.170.44.92 GODADDY
General Check archive.org Show headers Download Go to Full URL http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/theme.css Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 79.170.44.92 , United Kingdom, ASN20773 (GODADDY, DE), Reverse DNS web92.extendcp.co.uk Software Apache/2.4.39 (Unix) / Resource Hash `81b91eacd34070fa24e6579920aad355aa546e8abba4ef318d0569b26b135b4e` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:16 GMT Last-Modified Mon, 29 Apr 2019 12:18:40 GMT Server Apache/2.4.39 (Unix) Accept-Ranges bytes ETag "5199-587aa48e86430" Content-Length 20889 Content-Type text/css
GET H/1.1	200 OK	iambase.css 79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/	3 KB 3 KB	433ms 222ms	Stylesheet text/css	79.170.44.92 GODADDY
General Check archive.org Show headers Download Go to Full URL http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/iambase.css Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 79.170.44.92 , United Kingdom, ASN20773 (GODADDY, DE), Reverse DNS web92.extendcp.co.uk Software Apache/2.4.39 (Unix) / Resource Hash `77baf548dcb405646f7b4c2f8fadb3bf83ddd6ec85beba26c7e3d6cb35aa5d2a` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:16 GMT Last-Modified Mon, 29 Apr 2019 12:18:29 GMT Server Apache/2.4.39 (Unix) Accept-Ranges bytes ETag "b04-587aa48358b03" Content-Length 2820 Content-Type text/css
GET H/1.1	200 OK	iamforgotPassword.css 79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/	2 KB 2 KB	433ms 222ms	Stylesheet text/css	79.170.44.92 GODADDY
General Check archive.org Show headers Download Go to Full URL http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/iamforgotPassword.css Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 79.170.44.92 , United Kingdom, ASN20773 (GODADDY, DE), Reverse DNS web92.extendcp.co.uk Software Apache/2.4.39 (Unix) / Resource Hash `6543f117a4560efdb172cccf48fefd9f7a1479fc13f0b0e3dd9bfe569522ccab` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:16 GMT Last-Modified Mon, 29 Apr 2019 12:18:29 GMT Server Apache/2.4.39 (Unix) Accept-Ranges bytes ETag "7ab-587aa483f2fc3" Content-Length 1963 Content-Type text/css
GET H/1.1	200 OK	comp.css 79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/	5 KB 6 KB	433ms 222ms	Stylesheet text/css	79.170.44.92 GODADDY
General Check archive.org Show headers Download Go to Full URL http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/comp.css Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 79.170.44.92 , United Kingdom, ASN20773 (GODADDY, DE), Reverse DNS web92.extendcp.co.uk Software Apache/2.4.39 (Unix) / Resource Hash `5fa798e11d3529f7867051e174e6165fd72dbe466a13cf824eef4dcf044805ca` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:16 GMT Last-Modified Mon, 29 Apr 2019 12:18:26 GMT Server Apache/2.4.39 (Unix) Accept-Ranges bytes ETag "1585-587aa48088f61" Content-Length 5509 Content-Type text/css
GET H/1.1	200 OK	jsf.jsf Show response 79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/	105 KB 105 KB	434ms 223ms	Script text/plain	79.170.44.92 GODADDY
General Check archive.org Show headers Download Go to Full URL http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/jsf.jsf Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 79.170.44.92 , United Kingdom, ASN20773 (GODADDY, DE), Reverse DNS web92.extendcp.co.uk Software Apache/2.4.39 (Unix) / Resource Hash `5fd97d1db691ae61c80b3daa5aa0c0fb9829870fb060a09804d72260b7868b0d` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:16 GMT Last-Modified Mon, 29 Apr 2019 12:18:41 GMT Server Apache/2.4.39 (Unix) Accept-Ranges bytes ETag "1a401-587aa48f01108" Content-Length 107521 Content-Type text/plain
GET H/1.1	200 OK	bridge.jsf Show response 79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/	109 KB 109 KB	434ms 223ms	Script text/plain	79.170.44.92 GODADDY
General Check archive.org Show headers Download Go to Full URL http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/bridge.jsf Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 79.170.44.92 , United Kingdom, ASN20773 (GODADDY, DE), Reverse DNS web92.extendcp.co.uk Software Apache/2.4.39 (Unix) / Resource Hash `4e50a9791af9d1722e21744d26f86808069f2818c7fb145b27cfb15546552013` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:16 GMT Last-Modified Mon, 29 Apr 2019 12:18:27 GMT Server Apache/2.4.39 (Unix) Accept-Ranges bytes ETag "1b2b8-587aa4820c2b2" Content-Length 111288
GET H/1.1	200 OK	compat.jsf Show response 79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/	16 KB 16 KB	647ms 225ms	Script text/plain	79.170.44.92 GODADDY
General Check archive.org Show headers Download Go to Full URL http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/compat.jsf Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 79.170.44.92 , United Kingdom, ASN20773 (GODADDY, DE), Reverse DNS web92.extendcp.co.uk Software Apache/2.4.39 (Unix) / Resource Hash `7f0ea36c1c62a7aac06158f48e46cf38c6caf7ca10e0c858defda652115cad37` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:17 GMT Last-Modified Mon, 29 Apr 2019 12:18:29 GMT Server Apache/2.4.39 (Unix) Accept-Ranges bytes ETag "40e7-587aa483e1e53" Content-Length 16615
GET H/1.1	200 OK	icefaces-compat.jsf Show response 79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/	288 KB 288 KB	652ms 222ms	Script text/plain	79.170.44.92 GODADDY
General Check archive.org Show headers Download Go to Full URL http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/password_files/icefaces-compat.jsf Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 79.170.44.92 , United Kingdom, ASN20773 (GODADDY, DE), Reverse DNS web92.extendcp.co.uk Software Apache/2.4.39 (Unix) / Resource Hash `55572d087aa670a0ed8ddcf8517682266da037e864a47c82432cdce1c4e11088` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:17 GMT Last-Modified Mon, 29 Apr 2019 12:18:35 GMT Server Apache/2.4.39 (Unix) Accept-Ranges bytes ETag "480da-587aa489a8a7d" Content-Length 295130
GET H/1.1	200 OK	40790df0-0.jpg image.payrollservices.intuit.com/lib/fefa1378746005/i/1/	4 KB 4 KB	599ms 231ms	Image image/jpeg	2.16.186.83 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL http://image.payrollservices.intuit.com/lib/fefa1378746005/i/1/40790df0-0.jpg Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 2.16.186.83 , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a2-16-186-83.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash `f1380632f2ddc66c6a8c66215240ce15cc7bcff30387d0e1c286c2bf87573f12` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:17 GMT Last-Modified Tue, 19 Aug 2008 12:12:03 GMT Server AkamaiNetStorage ETag "47a96126ec43a2f9b0148aba1c270ec2:1219147923" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 4096
GET H/1.1	200 OK	open.aspx click.payrollservices.intuit.com/	43 B 199 B	1112ms 438ms	Image image/gif	66.231.94.105 ExactTarget
General Check archive.org Show headers Download Go to Show image Full URL http://click.payrollservices.intuit.com/open.aspx?ffcb10-fefa167477600d-fe181571736d0c75721378-fefa1378746005-ff951076-fe2415717d610d78721271-fec315707c6c0178 Requested by Host: 79.170.44.92 URL: http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm Protocol HTTP/1.1 Server 66.231.94.105 , United States, ASN22606 (EXACT-7 - ExactTarget, Inc., US), Reverse DNS click.virt.s4.exacttarget.com Software / Resource Hash `b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b` Request headers Referer http://79.170.44.92/intuit-verify.com/quickbooks.intuit.com.features.accounting-software/message.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Tue, 14 May 2019 21:49:17 GMT Cache-Control no-cache; max-age=0 Connection close Content-Length 43 Content-Type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Intuit (Financial)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

click.payrollservices.intuit.com
image.payrollservices.intuit.com
2.16.186.83
66.231.94.105
79.170.44.92
4e50a9791af9d1722e21744d26f86808069f2818c7fb145b27cfb15546552013
55572d087aa670a0ed8ddcf8517682266da037e864a47c82432cdce1c4e11088
5fa798e11d3529f7867051e174e6165fd72dbe466a13cf824eef4dcf044805ca
5fd97d1db691ae61c80b3daa5aa0c0fb9829870fb060a09804d72260b7868b0d
6543f117a4560efdb172cccf48fefd9f7a1479fc13f0b0e3dd9bfe569522ccab
77baf548dcb405646f7b4c2f8fadb3bf83ddd6ec85beba26c7e3d6cb35aa5d2a
7f0ea36c1c62a7aac06158f48e46cf38c6caf7ca10e0c858defda652115cad37
81b91eacd34070fa24e6579920aad355aa546e8abba4ef318d0569b26b135b4e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b33ec69349604192b3c53a2545cad468e5de586b4b3ea2b915668e6af9bbf3e9
f1380632f2ddc66c6a8c66215240ce15cc7bcff30387d0e1c286c2bf87573f12

79.170.44.92 Open in urlscan Pro 79.170.44.92 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

3 IPs

3 Countries

569 kBTransfer

566 kBSize

0 Cookies

1 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

23 JavaScript Global Variables

0 Cookies

Indicators

79.170.44.92 Open in urlscan Pro
79.170.44.92 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

3
Countries

569 kB
Transfer

566 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!