guest.extend.bancofcal.com Open in urlscan Pro
2606:4700:10::ac43:c6d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://guest.extend.bancofcal.com/
Submission: On July 13 via automatic, source certstream-suspicious (July 13th 2024, 7:58:49 am UTC) — Scanned from DE

Summary HTTP 8 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2606:4700:10::ac43:c6d, located in United States and belongs to CLOUDFLARENET, US. The main domain is guest.extend.bancofcal.com.
TLS certificate: Issued by WE1 on July 12th 2024. Valid for: 3 months.

This is the only time guest.extend.bancofcal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 5	2606:4700:10:... 2606:4700:10::ac43:c6d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.225.78.58 13.225.78.58	16509 (AMAZON-02) (AMAZON-02)
1	13.33.187.71 13.33.187.71	16509 (AMAZON-02) (AMAZON-02)
8	4

5 2606:4700:10::ac43:c6d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

guest.extend.bancofcal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.78.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-58.fra2.r.cloudfront.net

guest-assets.paywithextend.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.187.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-71.fra60.r.cloudfront.net

brand-assets.paywithextend.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	bancofcal.com 1 redirects guest.extend.bancofcal.com	8 KB
4	paywithextend.com guest-assets.paywithextend.com brand-assets.paywithextend.com	622 KB
8	2

	Domain	Requested by
5	guest.extend.bancofcal.com	1 redirects guest.extend.bancofcal.com
3	guest-assets.paywithextend.com	guest.extend.bancofcal.com
1	brand-assets.paywithextend.com
8	3

This site contains links to these domains. Also see Links.

Domain
www.paywithextend.com

Subject Issuer	Validity	Valid
guest.extend.bancofcal.com WE1	`2024-07-12` - `2024-10-10`	3 months	crt.sh
paywithextend.com Amazon RSA 2048 M03	`2024-05-27` - `2025-06-26`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://guest.extend.bancofcal.com/
Frame ID: B7CBFEFCF96A7C6255375EEE16C7C415
Requests: 8 HTTP requests in this frame

Frame: https://guest.extend.bancofcal.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js
Frame ID: 9FE49C13A2B5BE5898D291CF6053B98F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Banc of California VirtualCard

Page Statistics

8
Requests

88 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

629 kB
Transfer

2760 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paywithextend.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://guest.extend.bancofcal.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://guest.extend.bancofcal.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js

8 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
guest.extend.bancofcal.com/ 4 KB
2 KB 501ms
411ms Document
text/html 2606:4700:10::ac43:c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://guest.extend.bancofcal.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

b5828aa523e93c8c1e1a683e36b868265c1abcb2a2cdc53685f88e8b9955b83a

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'nonce-pDstYUO/lTdurfCJYQg90Q==' paywithextend.com *.paywithextend.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8a27babdce7492b7-FRA
content-encoding: br
content-security-policy: script-src 'self' 'nonce-pDstYUO/lTdurfCJYQg90Q==' paywithextend.com *.paywithextend.com
content-type: text/html; charset=utf-8
date: Sat, 13 Jul 2024 07:58:43 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: DENY
x-powered-by: Express
x-xss-protection: 1; mode=block

GET
H2 200 undefined
guest.extend.bancofcal.com/ 4 KB
2 KB 116ms
115ms Stylesheet
text/html 2606:4700:10::ac43:c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://guest.extend.bancofcal.com/undefined

Requested by

Host: guest.extend.bancofcal.com
URL: https://guest.extend.bancofcal.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

840287a59dabd44519a17214bf5867f0e3bc6402c86c89c012be4b487d5ca526

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'nonce-OgjQvGCvrOBDlivrnGBWAA==' paywithextend.com *.paywithextend.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://guest.extend.bancofcal.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 07:58:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: br
content-security-policy: script-src 'self' 'nonce-OgjQvGCvrOBDlivrnGBWAA==' paywithextend.com *.paywithextend.com
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
x-frame-options: DENY
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-ray: 8a27bac068e092b7-FRA
x-xss-protection: 1; mode=block

GET
H2 200 client.ea5638af34c205ebe797.js Show response
guest-assets.paywithextend.com/ 2 MB
485 KB 590ms
537ms Script
application/javascript 13.225.78.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guest-assets.paywithextend.com/client.ea5638af34c205ebe797.js
Requested by: Host: guest.extend.bancofcal.com
URL: https://guest.extend.bancofcal.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-58.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 590c3a55964ff38c398a5e54027c9bab3181f8d5a51eee8b2e3abb1326b0516f

Request headers

Referer: https://guest.extend.bancofcal.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 07:58:44 GMT
x-amz-version-id: W7at7_sKYeeUC8x5gYu8YLsI2ORKJTiA
content-encoding: gzip
last-modified: Tue, 09 Jul 2024 19:24:40 GMT
server: AmazonS3
via: 1.1 ec9e3bc729d9c6d55ed32446408ad62e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
etag: W/"76f7350a7fdcece286ec508136cb2458"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
x-amz-cf-id: HaCh4nodqtilfiPTwIdlnaSW5l6jVZc3mxXnYXiwAteHj5U-CBQETA==

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dd319e78c54679dcb9a4363b12c8ba35aca1c8a60dcde970afc62c17c8f79bd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5604f7888431650066bfb7cb23c9c7645ff9529b04cb8e0ccfe20a4bd45cfdb

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Rubik-Medium.4ddab52b8ff256c808344c15164118c6.ttf
guest-assets.paywithextend.com/ 133 KB
63 KB 491ms
469ms Font
font/ttf 13.225.78.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guest-assets.paywithextend.com/Rubik-Medium.4ddab52b8ff256c808344c15164118c6.ttf
Requested by: Host: guest.extend.bancofcal.com
URL: https://guest.extend.bancofcal.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-58.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cc1dd76abe28078cd5a69ee986ccf3a3d7e74bd95d9fff16db7700daca37dcfb

Request headers

Referer: https://guest.extend.bancofcal.com/
Origin: https://guest.extend.bancofcal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 07:58:46 GMT
x-amz-version-id: otfMQO0T9AjLv0RoAn1rKH4rvuljEVb_
content-encoding: gzip
via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Tue, 09 Jul 2024 19:24:40 GMT
server: AmazonS3
etag: W/"c87313aa86b7caa31a9a0accaa584970"
access-control-max-age: 5000
access-control-allow-methods: GET
content-type: font/ttf
access-control-allow-origin: https://guest.extend.bancofcal.com
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
x-amz-cf-id: 9iQYm-8HIEx2dSxOW8cX5aqL8YE7w7cG2SugHHM20t71rkJ_rl59Yg==

GET
H2 200 Rubik-Regular.37a4d906e92edcd9484c83065d6a1838.ttf
guest-assets.paywithextend.com/ 130 KB
62 KB 550ms
528ms Font
font/ttf 13.225.78.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guest-assets.paywithextend.com/Rubik-Regular.37a4d906e92edcd9484c83065d6a1838.ttf
Requested by: Host: guest.extend.bancofcal.com
URL: https://guest.extend.bancofcal.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-58.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0c93ef2613d2207307a8e91ceb6719e0c6e313c10e58860bdaca02a849b72b97

Request headers

Referer: https://guest.extend.bancofcal.com/
Origin: https://guest.extend.bancofcal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 07:58:46 GMT
x-amz-version-id: XHF.7aD.DoNI9qs_4SD9iadNwWvgMgtu
content-encoding: gzip
via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Tue, 09 Jul 2024 19:24:40 GMT
server: AmazonS3
etag: W/"b3d0902b533ff4c4f1698a2f96ddabab"
access-control-max-age: 5000
access-control-allow-methods: GET
content-type: font/ttf
access-control-allow-origin: https://guest.extend.bancofcal.com
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
x-amz-cf-id: jw7OYcmu5PWB4iJJxYDhYLeZ2_Z4EZgnccNUXVfxEXxN-Y_7SAjbaQ==

GET
H2

200

main.js Show response
guest.extend.bancofcal.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/ Frame 9FE4
Redirect Chain

https://guest.extend.bancofcal.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://guest.extend.bancofcal.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

8 KB
4 KB

18ms
17ms

Script
application/javascript

2606:4700:10::ac43:c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://guest.extend.bancofcal.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?

Requested by

Host: guest.extend.bancofcal.com
URL: https://guest.extend.bancofcal.com/

Protocol

Server

2606:4700:10::ac43:c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

648ed6003c647bb37c821cc1295c86e72ca436b20596983f57ea2d7204bba2ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 07:58:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 8a27bacaab6792b7-FRA

Redirect headers

date: Sat, 13 Jul 2024 07:58:44 GMT
server: cloudflare
vary: Accept-Encoding
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/7a55c9ccbaaa/main.js?
access-control-allow-origin: *
cache-control: max-age: 300, public
cf-ray: 8a27baca8b4a92b7-FRA
content-length: 0

POST
H2 200 8a27babdce7492b7 Show response
guest.extend.bancofcal.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 9FE4 0
394 B 45ms
40ms XHR
text/plain 2606:4700:10::ac43:c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://guest.extend.bancofcal.com/cdn-cgi/challenge-platform/h/g/jsd/r/8a27babdce7492b7
Requested by: Host: guest.extend.bancofcal.com
URL: https://guest.extend.bancofcal.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:c6d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 13 Jul 2024 07:58:45 GMT
server: cloudflare
cf-ray: 8a27bacbbc6c92b7-FRA
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H2 200 favicon.ico
brand-assets.paywithextend.com/boc/ 11 KB
11 KB 479ms
432ms Other
image/vnd.microsoft.icon 13.33.187.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://brand-assets.paywithextend.com/boc/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-187-71.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8eb7e3129972eefe1de5312b502589ff86a880f6089d7ae53c02ef5f6e62b3e7

Request headers

Referer: https://guest.extend.bancofcal.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 07:58:46 GMT
x-amz-version-id: c0Xedkorp_dA3X2rvCPrOVew08VH1mf7
via: 1.1 3677df2c828d68a6a84555cd8a40cf50.cloudfront.net (CloudFront)
last-modified: Wed, 26 Jun 2024 15:21:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
etag: "5a8a17ac955dfb7051c1fa703d82941d"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/vnd.microsoft.icon
accept-ranges: bytes
content-length: 11062
x-amz-cf-id: bGJcUiQ2mYMnKpU4FfI-JVrfT0kkl6JdsPkKVqt_h0mbsu4AvwNTeA==

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.guest.extend.bancofcal.com/	1970-01-21 06:46:33	Name: cf_clearance Value: pTWMRFInY7IyY5v5Pptdigpt7SwzisfqegiigWjZKWQ-1720857525-1.0.1.1-6lsPsARNTnPEWSmOoU_YV.aZCKlj0XPb2ddiDzuR_FePw6_MPxFOsCwKBDl0zuYjUnt8e9vSdBzd1SSx18ctuw

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' 'nonce-pDstYUO/lTdurfCJYQg90Q==' paywithextend.com *.paywithextend.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

brand-assets.paywithextend.com
guest-assets.paywithextend.com
guest.extend.bancofcal.com
13.225.78.58
13.33.187.71
2606:4700:10::ac43:c6d
0c93ef2613d2207307a8e91ceb6719e0c6e313c10e58860bdaca02a849b72b97
2dd319e78c54679dcb9a4363b12c8ba35aca1c8a60dcde970afc62c17c8f79bd
590c3a55964ff38c398a5e54027c9bab3181f8d5a51eee8b2e3abb1326b0516f
648ed6003c647bb37c821cc1295c86e72ca436b20596983f57ea2d7204bba2ec
840287a59dabd44519a17214bf5867f0e3bc6402c86c89c012be4b487d5ca526
8eb7e3129972eefe1de5312b502589ff86a880f6089d7ae53c02ef5f6e62b3e7
a5604f7888431650066bfb7cb23c9c7645ff9529b04cb8e0ccfe20a4bd45cfdb
b5828aa523e93c8c1e1a683e36b868265c1abcb2a2cdc53685f88e8b9955b83a
cc1dd76abe28078cd5a69ee986ccf3a3d7e74bd95d9fff16db7700daca37dcfb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

guest.extend.bancofcal.com Open in urlscan Pro 2606:4700:10::ac43:c6d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

88 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

4 IPs

1 Countries

629 kBTransfer

2760 kBSize

1 Cookies

1 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

guest.extend.bancofcal.com Open in urlscan Pro
2606:4700:10::ac43:c6d Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

629 kB
Transfer

2760 kB
Size

1
Cookies

8 HTTP transactions
2 data transactions