www.natwestbankonline.com Open in urlscan Pro
51.81.182.134 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.natwestbankonline.com/
Submission: On March 21 via api (March 21st 2024, 10:35:43 pm UTC) from US — Scanned from US

Summary HTTP 40 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 40 HTTP transactions. The main IP is 51.81.182.134, located in Hillsboro, United States and belongs to OVH, FR. The main domain is www.natwestbankonline.com.
TLS certificate: Issued by R3 on January 25th 2024. Valid for: 3 months.

This is the only time www.natwestbankonline.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
28	51.81.182.134 51.81.182.134	16276 (OVH) (OVH)
1 1	104.26.9.183 104.26.9.183	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:20:... 2606:4700:20::681a:88b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c07::5f	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c1d::5e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
40	6

28 51.81.182.134 (Hillsboro, United States)

ASN16276 (OVH, FR)
PTR: ns1.server533.iseencloud.com

www.natwestbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.9.183 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

code.tidio.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:20::681a:88b (United States)

ASN13335 (CLOUDFLARENET, US)

widget-v4.tidiochat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c07::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::5e (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	natwestbankonline.com www.natwestbankonline.com	3 MB
7	tidiochat.com widget-v4.tidiochat.com — Cisco Umbrella Rank: 30294	354 KB
2	gstatic.com fonts.gstatic.com	80 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 387	2 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	2 KB
1	tidio.co 1 redirects code.tidio.co — Cisco Umbrella Rank: 23591	486 B
40	6

	Domain	Requested by
28	www.natwestbankonline.com	www.natwestbankonline.com
7	widget-v4.tidiochat.com	www.natwestbankonline.com code.tidio.co
2	fonts.gstatic.com	fonts.googleapis.com
1	cdnjs.cloudflare.com	www.natwestbankonline.com
1	fonts.googleapis.com	www.natwestbankonline.com
1	code.tidio.co	1 redirects
40	6

This site contains no links.

Subject Issuer	Validity	Valid
webmail.natwestbankonline.com R3	`2024-01-25` - `2024-04-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
tidiochat.com GTS CA 1P5	`2024-03-17` - `2024-06-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.natwestbankonline.com/
Frame ID: 39480968929C70A11B2AF43004715D03
Requests: 32 HTTP requests in this frame

Frame: https://widget-v4.tidiochat.com/1_221_0/static/js/chunk-WidgetIframe-707c4e63902039f00217.js
Frame ID: B5AB8B715024976EB4B06C3AB07E3257
Requests: 5 HTTP requests in this frame

Frame: https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2
Frame ID: E0EF6E89F4960BA3B0E8B33BC444AD60
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NatWest | Home page

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

40
Requests

95 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

3786 kB
Transfer

4987 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://code.tidio.co/4hntnbov4xs9nytzvhbbgbxjykueyz2q.js HTTP 302
https://widget-v4.tidiochat.com/1_221_0/static/js/render.707c4e63902039f00217.js

40 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.natwestbankonline.com/ 32 KB
6 KB 569ms
102ms Document
text/html 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: b983892a525c7a8af9a82003c7c2be2e944d3f674f5866ad3ccdf10bcf5c3feb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-encoding: br
content-length: 5545
content-type: text/html; charset=UTF-8
date: Thu, 21 Mar 2024 22:35:31 GMT
server: LiteSpeed
vary: Accept-Encoding

GET
H2 200 style.css
www.natwestbankonline.com/ 56 KB
7 KB 132ms
0ms Stylesheet
text/css 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/style.css
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 0ecc0e70b54b193a4059c928d9ec1e370cc23f5d4bba079a00cc6aefc9271608

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:39:52 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 7219
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 logo.png
www.natwestbankonline.com/ 101 KB
101 KB 140ms
0ms Image
image/png 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/logo.png
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: c1d0e1b2db6c7a4914ba3a0d651dee5153f960e63f9bc30e0e8b0b90dc6eb77c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
last-modified: Wed, 27 Sep 2023 13:31:12 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 103370
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 placeholder.png
www.natwestbankonline.com/img/core-img/ 988 B
1 KB 315ms
163ms Image
image/png 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/core-img/placeholder.png
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 756b95b9ce0efb151dd04528fea25332b6b6b3583bbc869105655f584bc52043

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
last-modified: Sat, 14 Jan 2023 09:39:46 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 988
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 message.png
www.natwestbankonline.com/img/core-img/ 1 KB
1 KB 315ms
164ms Image
image/png 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/core-img/message.png
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: a97afd3acf7470cd817faca0db918ab4ad6d02402215756964dabe4f6626508f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
last-modified: Sat, 14 Jan 2023 09:39:46 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 1089
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 images.png
www.natwestbankonline.com/img/core-img/ 15 KB
15 KB 316ms
165ms Image
image/png 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/core-img/images.png
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 422febeb413ebca5cb27d659169c856972181d41b38548b62206b7340cca6f40

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
last-modified: Sat, 14 Jan 2023 09:39:44 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 15400
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 2.jpg
www.natwestbankonline.com/img/bg-img/ 204 KB
204 KB 316ms
166ms Image
image/jpeg 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/bg-img/2.jpg
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 8a6434aa69b9e53e9bfff4f6aa69408fa8048b57c2367183ec1263db3fbbe9ca

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
last-modified: Thu, 24 Aug 2023 11:41:26 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 208426
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 404 3.jpg
www.natwestbankonline.com/img/bg-img/ 1 KB
1 KB 787ms
640ms Image
text/html 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/bg-img/3.jpg
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Mar 2024 22:35:31 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 1236
content-type: text/html

GET
H2 200 4.jpg
www.natwestbankonline.com/img/bg-img/ 55 KB
55 KB 787ms
641ms Image
image/jpeg 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/bg-img/4.jpg
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: d76ee6793e86c014a28c9bc6d30f3151ecea71da1415db12d48639a82e2b4c38

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
last-modified: Sat, 14 Jan 2023 09:39:42 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 56142
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 logo.png
www.natwestbankonline.com/img/ 101 KB
101 KB 864ms
720ms Image
image/png 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/logo.png
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: c1d0e1b2db6c7a4914ba3a0d651dee5153f960e63f9bc30e0e8b0b90dc6eb77c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
last-modified: Wed, 27 Sep 2023 13:31:12 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 103370
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2

200

render.707c4e63902039f00217.js Show response
widget-v4.tidiochat.com/1_221_0/static/js/
Redirect Chain

https://code.tidio.co/4hntnbov4xs9nytzvhbbgbxjykueyz2q.js
https://widget-v4.tidiochat.com/1_221_0/static/js/render.707c4e63902039f00217.js

5 KB
2 KB

95ms
50ms

Script
application/javascript

2606:4700:20::681a:88b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v4.tidiochat.com/1_221_0/static/js/render.707c4e63902039f00217.js
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Server: 2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1af2d8276db028d2211aea121ed23d6bacbfeea8a4b525bc61614f35050cab76

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 20 Mar 2024 10:18:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 964
etag: W/"65fab7df-1472"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p87ni2svT%2BeC6e29fMulQeLXNuKqc6%2FLrlEGYeC5Riy065F%2F%2Bzuanvnad%2FlUJ0V0qTtrXK7MAo2rS%2ByvlqS6qRHvTAF%2FbFbwddNQP4V7AbIK%2BoeVvlZk1OeaVDCAuajrQYZWYu3h7%2BkA%2FbqbVBJzjPnJX6j3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=691200
cf-ray: 86816a661e94727a-EWR

Redirect headers

date: Thu, 21 Mar 2024 22:35:32 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
widget-cache-status: HIT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C0zA6j%2FkZtiv7VbuKf540fPTTtEJ8166rPAzU%2F%2FhzAvySk4mFzG9jCVrACr0Ha3f2uoLYgNJp0azuPYiNN85zRbIHwwzILDFHuwsUki1BQ35yDi6x2ubTZlk4nEmSmg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
location: https://widget-v4.tidiochat.com/1_221_0/static/js/render.707c4e63902039f00217.js
cache-control: public, s-maxage=300, max-age=0
cf-ray: 86816a651f3943b1-EWR

GET
H2 200 jquery-2.2.4.min.js Show response
www.natwestbankonline.com/js/jquery/ 84 KB
29 KB 393ms
243ms Script
application/javascript 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/js/jquery/jquery-2.2.4.min.js
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:12 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 29175
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 popper.min.js Show response
www.natwestbankonline.com/js/bootstrap/ 20 KB
7 KB 393ms
243ms Script
application/javascript 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/js/bootstrap/popper.min.js
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:10 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 6953
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 bootstrap.min.js Show response
www.natwestbankonline.com/js/bootstrap/ 50 KB
13 KB 393ms
244ms Script
application/javascript 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/js/bootstrap/bootstrap.min.js
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:10 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 13430
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 plugins.js Show response
www.natwestbankonline.com/js/plugins/ 119 KB
33 KB 393ms
245ms Script
application/javascript 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/js/plugins/plugins.js
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 5d16576e91ebb45155f8da98b3aaa7f25e8cd7b61528e0a79e1e79c6ce382075

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:12 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 33488
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 active.js Show response
www.natwestbankonline.com/js/ 5 KB
961 B 395ms
248ms Script
application/javascript 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/js/active.js
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: e7c081092a03d663d2486b8acf3b3be64c0573f26d998b0415274090fbd86ea0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:10 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 926
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 css
fonts.googleapis.com/ 30 KB
2 KB 363ms
34ms Stylesheet
text/css 2607:f8b0:4004:c07::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:300,400,500,600,700|Open+Sans:300,400,600,700

Requested by

Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32710fb999b46796bca6f1c640f02f6c830f799ad48f642cfdab42ba645e3b05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 21 Mar 2024 22:35:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 21 Mar 2024 22:32:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 21 Mar 2024 22:35:32 GMT

GET
H2 200 bootstrap.min.css
www.natwestbankonline.com/css/ 138 KB
19 KB 212ms
196ms Stylesheet
text/css 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/css/bootstrap.min.css
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:12 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 19090
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 classy-nav.css
www.natwestbankonline.com/css/ 22 KB
3 KB 212ms
197ms Stylesheet
text/css 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/css/classy-nav.css
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 176c332ec8206880463708a91d4c9725a3ceff6f6ee5efe860a494ff58dd9525

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:12 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 2979
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 owl.carousel.min.css
www.natwestbankonline.com/css/ 3 KB
826 B 212ms
197ms Stylesheet
text/css 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/css/owl.carousel.min.css
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 620c35ebcf9ed6b6a686f47ea8dfaeb357b714238b2626607c864ad694259de4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:12 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 791
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 animate.css
www.natwestbankonline.com/css/ 56 KB
4 KB 214ms
199ms Stylesheet
text/css 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/css/animate.css
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 59a1460df6cb458204ec993345ff4964fa7e1a77da4ab7137e50fce8434c1d6a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:12 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 4120
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 font-awesome.min.css
www.natwestbankonline.com/css/ 30 KB
7 KB 215ms
200ms Stylesheet
text/css 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/css/font-awesome.min.css
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 1fd4c882b277b1733f27be78e59f2318df771113cfc3981f4c4ad1b287238880

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:12 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 6665
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 credit-icon.css
www.natwestbankonline.com/css/ 3 KB
688 B 215ms
201ms Stylesheet
text/css 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/css/credit-icon.css
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: dc295f6a02e6905649efab2b677430aed394db10fd86a8df27df2c7e4e4b299f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:31 GMT
content-encoding: br
last-modified: Sat, 14 Jan 2023 09:41:12 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 653
expires: Thu, 28 Mar 2024 22:35:31 GMT

GET
H2 200 5.jpg
www.natwestbankonline.com/img/bg-img/ 111 KB
111 KB 467ms
465ms Image
image/jpeg 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/bg-img/5.jpg
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: c9a14ac74dcb3eba9eaaea710d139724c44f82ab32a3dab4c6d6d7e7f1919426

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:32 GMT
last-modified: Thu, 24 Aug 2023 11:41:18 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 113714
expires: Thu, 28 Mar 2024 22:35:32 GMT

GET
H2 200 6.jpg
www.natwestbankonline.com/img/bg-img/ 821 KB
822 KB 578ms
577ms Image
image/jpeg 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/bg-img/6.jpg
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: edb5e6d66f75cb0c57ba2da10fb063ff3315cdf110d72297e07cb672e5760f82

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:32 GMT
last-modified: Sat, 14 Jan 2023 09:39:44 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 841017
expires: Thu, 28 Mar 2024 22:35:32 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
47 KB 75ms
38ms Font
font/woff2 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:300,400,500,600,700|Open+Sans:300,400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.natwestbankonline.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 08:15:18 GMT
x-content-type-options: nosniff
age: 138014
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 08:15:18 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
33 KB 51ms
15ms Font
font/woff2 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:300,400,500,600,700|Open+Sans:300,400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.natwestbankonline.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 06:53:24 GMT
x-content-type-options: nosniff
age: 142928
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 06:53:24 GMT

GET
H2 200 icomoonc38b.ttf
www.natwestbankonline.com/fonts/ 44 KB
44 KB 394ms
393ms Font
font/ttf 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/fonts/icomoonc38b.ttf?l52080
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/css/credit-icon.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 4898011ce19a26413c64ef546ad83b2e5eed776a2b3cdf5c0067430930b21523

Request headers

Referer: https://www.natwestbankonline.com/css/credit-icon.css
Origin: https://www.natwestbankonline.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:32 GMT
last-modified: Sat, 14 Jan 2023 09:39:52 GMT
server: LiteSpeed
content-type: font/ttf
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 44744
expires: Thu, 28 Mar 2024 22:35:32 GMT

GET
H2 200 6.gif
www.natwestbankonline.com/img/bg-img/ 1 MB
1 MB 799ms
797ms Image
image/gif 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/bg-img/6.gif
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: b3cf6afaab0e62b79a6a7f25692ac5a1f8bb0626cccfb5dbae649147be8dc3c9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:32 GMT
last-modified: Thu, 24 Aug 2023 12:27:44 GMT
server: LiteSpeed
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 1301814
expires: Thu, 28 Mar 2024 22:35:32 GMT

GET
H2 200 1.jpg
www.natwestbankonline.com/img/bg-img/ 414 KB
414 KB 799ms
798ms Image
image/jpeg 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.natwestbankonline.com/img/bg-img/1.jpg
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: feb3161ee2b3e13468b3cc5467af6443490410ab3a6ae0edb6ff9c4efb09da6f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:32 GMT
last-modified: Thu, 24 Aug 2023 11:41:44 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 423758
expires: Thu, 28 Mar 2024 22:35:32 GMT

GET
H2 200 classycb9b.ttf
www.natwestbankonline.com/fonts/ 1 KB
1 KB 552ms
551ms Font
font/ttf 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/fonts/classycb9b.ttf?fftrrv
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/css/classy-nav.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 16baf0add49a3c9238b257f8ef542c3aa7ff0924bcc692509c5fa8a7e47f68ca

Request headers

Referer: https://www.natwestbankonline.com/css/classy-nav.css
Origin: https://www.natwestbankonline.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:32 GMT
last-modified: Sat, 14 Jan 2023 09:39:46 GMT
server: LiteSpeed
content-type: font/ttf
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 1100
expires: Thu, 28 Mar 2024 22:35:32 GMT

GET
H2 200 fontawesome-webfont3e6e.woff2
www.natwestbankonline.com/fonts/ 75 KB
75 KB 648ms
647ms Font
font/woff2 51.81.182.134
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.natwestbankonline.com/fonts/fontawesome-webfont3e6e.woff2?v=4.7.0
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/css/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.182.134 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1.server533.iseencloud.com
Software: LiteSpeed /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://www.natwestbankonline.com/css/font-awesome.min.css
Origin: https://www.natwestbankonline.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:32 GMT
last-modified: Sat, 14 Jan 2023 09:39:50 GMT
server: LiteSpeed
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length: 77160
expires: Thu, 28 Mar 2024 22:35:32 GMT

GET
H2 200 chunk-WidgetIframe-707c4e63902039f00217.js Show response
widget-v4.tidiochat.com/1_221_0/static/js/ Frame B5AB 478 KB
124 KB 38ms
37ms Script
application/javascript 2606:4700:20::681a:88b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v4.tidiochat.com/1_221_0/static/js/chunk-WidgetIframe-707c4e63902039f00217.js
Requested by: Host: code.tidio.co
URL: https://code.tidio.co/4hntnbov4xs9nytzvhbbgbxjykueyz2q.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0d33d03f394141d2412eb25a303937df18f4755e96a13e7f060476bcf8a28c1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 20 Mar 2024 10:18:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 966
etag: W/"65fab7df-7767d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Lt1bhvSw8pKJXD4ljNNSds4uyrUlBLpl8fzdAXT%2FO0JS0YoZHX%2Bey3zlZRp5tM54C0dHApRgTwkrIkYGBYgGrfgilMZ04zHA4jRk6hnisV1f%2F7nyxbCgU1Lp9y6FszpvbE6wTtxXQkmGkiC6SEAj5bwxZNX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=691200
cf-ray: 86816a6c7e22727a-EWR

GET
H2 200 mulish_SGhgqk3wotYKNnBQ.woff2
widget-v4.tidiochat.com/fonts/ Frame B5AB 27 KB
27 KB 157ms
129ms Font
font/woff2 2606:4700:20::681a:88b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2
Requested by: Host: code.tidio.co
URL: https://code.tidio.co/4hntnbov4xs9nytzvhbbgbxjykueyz2q.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 577db921a554af3596942d3c48b5c91feaac8c767e183d518a8de8de86e5c7d8

Request headers

Referer
Origin: https://www.natwestbankonline.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:33 GMT
cf-cache-status: EXPIRED
last-modified: Wed, 20 Mar 2024 10:18:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "65fab7dc-6b08"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x53hadWODmkFUyojQv7tBiU0zeBNGnnXa4f58CLDMFC6an%2BiWk%2Fq0sxk%2B77gxpK1SKi7f0rV%2FT7zz8OMShAbyujoJB0aAIiHe8GOmIk3e7lvgEmErGzSbgb%2BtPchXc9%2FPhjaL%2B7V2XE52nYJKypujE%2Bejzlp"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 86816a6caed53300-EWR
content-length: 27400

GET
H2 206 tururu.mp3
widget-v4.tidiochat.com// Frame B5AB 7 KB
7 KB 18ms
18ms Media
audio/mpeg 2606:4700:20::681a:88b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v4.tidiochat.com//tururu.mp3
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12c7687514ca85ba2157ed61914ac526bb9dd15cb5a2a2d9e4d88f919349284f

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 21 Mar 2024 22:35:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 716559
Content-Range: bytes 0-7223/7224
Content-Length: 7224
pragma: public
last-modified: Wed, 13 Mar 2024 10:04:45 GMT
server: cloudflare
etag: "65f17a3d-1c38"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yCnrGtQyaD1qrjJrrpQ8DzsuqUhVFbzwbbxWFk4Z2xEu2pQrC48U4T9v8mgnP4%2FqOxhN5%2Bzzmhv8zFClCmuHvFTYFQYzI37PovvL%2FWkZh%2BZpsY6a9p2kyZ4XDqcAwST0aag%2FSkwZFyi61uGVAl4PL%2BRghckQ"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: public, max-age=31536000
cf-ray: 86816a6cce74727a-EWR
expires: Wed, 27 Mar 2024 15:32:54 GMT

GET
H2 200 widget.707c4e63902039f00217.js Show response
widget-v4.tidiochat.com/1_221_0/static/js/ Frame B5AB 493 KB
158 KB 34ms
33ms Script
application/javascript 2606:4700:20::681a:88b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v4.tidiochat.com/1_221_0/static/js/widget.707c4e63902039f00217.js
Requested by: Host: code.tidio.co
URL: https://code.tidio.co/4hntnbov4xs9nytzvhbbgbxjykueyz2q.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acbb80fb8d967121130a1faf91ed3465632af545c50c7bcdee5b92eb304295f5

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 20 Mar 2024 10:18:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4745
etag: W/"65fab7df-7b4f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qhwfIB8me8DI%2BE9myUN7BCsg4pNi5UWBE6nXjT4ztRz9d4%2By1CWKo31L837MxSvmKvX%2FVKkI8B93ISEcIyhj9VXPJ5pj00Cx24H1xCRgOSVmRAJwLn8ZJ%2BcHCjwKqvYcilNPlHgdF3K7k5Kj%2FqFuHuKEOX10"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=691200
cf-ray: 86816a6d1ec4727a-EWR

GET
H2 206 tururu.mp3
widget-v4.tidiochat.com// Frame B5AB 7 KB
7 KB 23ms
22ms Media
audio/mpeg 2606:4700:20::681a:88b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v4.tidiochat.com//tururu.mp3
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12c7687514ca85ba2157ed61914ac526bb9dd15cb5a2a2d9e4d88f919349284f

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 21 Mar 2024 22:35:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 716559
Content-Range: bytes 0-7223/7224
Content-Length: 7224
pragma: public
last-modified: Wed, 13 Mar 2024 10:04:45 GMT
server: cloudflare
etag: "65f17a3d-1c38"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tnSBlsG4DrdrVw%2FIOuqmAbNSxp7LkLMm16lLMt411wzD%2FrmTF2DGTocBEqG38jTpkJ2KezrQPptWfkVtgBO9OSBD%2FmjMD9thqqYEoHC8htnGncCJ6vFFXFWMs2u0QofiJ2E6OA6SA3Sz47%2FgfkzUo6tqiLu6"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: public, max-age=31536000
cf-ray: 86816a6eb8aa727a-EWR
expires: Wed, 27 Mar 2024 15:32:54 GMT

GET
H2 200 mulish_SGhgqk3wotYKNnBQ.woff2
widget-v4.tidiochat.com/fonts/ Frame E0EF 27 KB
27 KB 21ms
20ms Font
font/woff2 2606:4700:20::681a:88b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2
Requested by: Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 577db921a554af3596942d3c48b5c91feaac8c767e183d518a8de8de86e5c7d8

Request headers

Referer: https://www.natwestbankonline.com/
Origin: https://www.natwestbankonline.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:34 GMT
cf-cache-status: HIT
last-modified: Wed, 20 Mar 2024 10:18:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1
etag: "65fab7dc-6b08"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2FlA7tEg8cdR%2FEFOlbMSEx4jWkgcWTMzH0aO30UDws3fXKNSEFkrPFfWEIrhI6u7hInPy5KrHyr23EadhMQ7nWuiatPa8hv82o1sdMoCj1PaD20u32tpj2s6ThRjrtyIJ0Ujz3xyGxt5EOchdcyAUnAWLyjJ"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 86816a742dbd3300-EWR
content-length: 27400

GET
H2 200 1f44b.png
cdnjs.cloudflare.com/ajax/libs/twemoji/12.1.1/72x72/ Frame E0EF 1 KB
2 KB 50ms
21ms Image
image/png 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twemoji/12.1.1/72x72/1f44b.png

Requested by

Host: www.natwestbankonline.com
URL: https://www.natwestbankonline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfee1561c6e59c90f7a292f90157bae85f75ccb3ae27b655898a51429e3a8910

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.natwestbankonline.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 22:35:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 126075
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1224
last-modified: Sat, 19 Dec 2020 02:18:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5fdd6306-505"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=815SjxWLC8gd6RxKF%2BjWSUHkIqErEltcoTpfzSYg0Qu7dX3IIZoYmmPFXMFIEI1kXn25WPhGDO7mdt%2BFWzdl5YkMI2SYEMiMuFhuPlPT5BnSrTRgsNEewQ4X4QnBNrdMB9rvU%2F8fLEgXHeg0XiKdXrAh"}],"group":"cf-nel","max_age":604800}
content-type: image/png; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 86816a75c849434f-EWR
expires: Tue, 11 Mar 2025 22:35:34 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.natwestbankonline.com/img/bg-img/3.jpg Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: about:blank Message: The resource https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
code.tidio.co
fonts.googleapis.com
fonts.gstatic.com
widget-v4.tidiochat.com
www.natwestbankonline.com
104.26.9.183
2606:4700:20::681a:88b
2606:4700::6811:190e
2607:f8b0:4004:c07::5f
2607:f8b0:4004:c1d::5e
51.81.182.134
0ecc0e70b54b193a4059c928d9ec1e370cc23f5d4bba079a00cc6aefc9271608
12c7687514ca85ba2157ed61914ac526bb9dd15cb5a2a2d9e4d88f919349284f
16baf0add49a3c9238b257f8ef542c3aa7ff0924bcc692509c5fa8a7e47f68ca
176c332ec8206880463708a91d4c9725a3ceff6f6ee5efe860a494ff58dd9525
1af2d8276db028d2211aea121ed23d6bacbfeea8a4b525bc61614f35050cab76
1fd4c882b277b1733f27be78e59f2318df771113cfc3981f4c4ad1b287238880
230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
315ac5479007d2e864a4b51f505fd0785ebbbe931a6b511467fa49504a082c58
32710fb999b46796bca6f1c640f02f6c830f799ad48f642cfdab42ba645e3b05
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
422febeb413ebca5cb27d659169c856972181d41b38548b62206b7340cca6f40
4898011ce19a26413c64ef546ad83b2e5eed776a2b3cdf5c0067430930b21523
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
577db921a554af3596942d3c48b5c91feaac8c767e183d518a8de8de86e5c7d8
59a1460df6cb458204ec993345ff4964fa7e1a77da4ab7137e50fce8434c1d6a
5d16576e91ebb45155f8da98b3aaa7f25e8cd7b61528e0a79e1e79c6ce382075
620c35ebcf9ed6b6a686f47ea8dfaeb357b714238b2626607c864ad694259de4
6b683c486d5ac58822706a5b853e188089c8ac224f68788c35cc27844357ec2d
756b95b9ce0efb151dd04528fea25332b6b6b3583bbc869105655f584bc52043
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
8a6434aa69b9e53e9bfff4f6aa69408fa8048b57c2367183ec1263db3fbbe9ca
a97afd3acf7470cd817faca0db918ab4ad6d02402215756964dabe4f6626508f
acbb80fb8d967121130a1faf91ed3465632af545c50c7bcdee5b92eb304295f5
b3cf6afaab0e62b79a6a7f25692ac5a1f8bb0626cccfb5dbae649147be8dc3c9
b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365
b983892a525c7a8af9a82003c7c2be2e944d3f674f5866ad3ccdf10bcf5c3feb
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c1d0e1b2db6c7a4914ba3a0d651dee5153f960e63f9bc30e0e8b0b90dc6eb77c
c9a14ac74dcb3eba9eaaea710d139724c44f82ab32a3dab4c6d6d7e7f1919426
d76ee6793e86c014a28c9bc6d30f3151ecea71da1415db12d48639a82e2b4c38
dc295f6a02e6905649efab2b677430aed394db10fd86a8df27df2c7e4e4b299f
dfee1561c6e59c90f7a292f90157bae85f75ccb3ae27b655898a51429e3a8910
e7c081092a03d663d2486b8acf3b3be64c0573f26d998b0415274090fbd86ea0
edb5e6d66f75cb0c57ba2da10fb063ff3315cdf110d72297e07cb672e5760f82
f0d33d03f394141d2412eb25a303937df18f4755e96a13e7f060476bcf8a28c1
feb3161ee2b3e13468b3cc5467af6443490410ab3a6ae0edb6ff9c4efb09da6f

www.natwestbankonline.com Open in urlscan Pro 51.81.182.134 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

40 Requests

95 %HTTPS

67 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

3786 kBTransfer

4987 kBSize

0 Cookies

0 Outgoing links

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.natwestbankonline.com Open in urlscan Pro
51.81.182.134 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

95 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

3786 kB
Transfer

4987 kB
Size

0
Cookies

40 HTTP transactions
-1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!