urlscan.io logo urlscan.io
SecurityTrails logo

applink.natwest.com Open in urlscan Pro
109.234.206.55  Public Scan

Go To Rescan Add Verdict Report
URL: https://applink.natwest.com/text-mobile-application/traffic
Submission: On September 23 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 6 countries across 8 domains to perform 24 HTTP transactions. The main IP is 109.234.206.55, located in Fulham, United Kingdom and belongs to NODE4-AS, GB. The main domain is applink.natwest.com.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on August 30th 2019. Valid for: 2 years.
This is the only time applink.natwest.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 109.234.206.55 31727 (NODE4-AS)
3 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
1 3 34.248.49.247 16509 (AMAZON-02)
1 172.217.23.162 15169 (GOOGLE)
1 2 216.58.208.38 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.49.138.93 16509 (AMAZON-02)
2 15.236.175.233 16509 (AMAZON-02)
1 1 66.117.28.86 15224 (OMNITURE)
24 10
11    109.234.206.55 (Fulham, United Kingdom)

ASN31727 (NODE4-AS, GB)
applink.natwest.com
3    2a02:26f0:10c:59b::1e80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
assets.adobedtm.com
3    34.248.49.247 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-49-247.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f162.1e100.net
www.googleadservices.com
2    216.58.208.38 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra15s12-in-f38.1e100.net
4318015.fls.doubleclick.net
1    2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:824::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    52.49.138.93 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-138-93.eu-west-1.compute.amazonaws.com
rbs.demdex.net
2    15.236.175.233 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
sc.natwest.com
1    66.117.28.86 (United States)

ASN15224 (OMNITURE, US)
cm.everesttech.net
Domain Requested by
11 applink.natwest.com applink.natwest.com
3 dpm.demdex.net 1 redirects applink.natwest.com
3 assets.adobedtm.com applink.natwest.com
assets.adobedtm.com
2 sc.natwest.com assets.adobedtm.com
2 4318015.fls.doubleclick.net 1 redirects applink.natwest.com
1 cm.everesttech.net 1 redirects
1 rbs.demdex.net assets.adobedtm.com
1 www.google.de applink.natwest.com
1 www.google.com applink.natwest.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.googleadservices.com applink.natwest.com
24 11

This site contains links to these domains. Also see Links.

Domain
www.natwest.com
Subject Issuer Validity Valid
applink.natwest.com
COMODO RSA Organization Validation Secure Server CA		 2019-08-30 -
2021-08-29		 2 years crt.sh
assets.adobedtm.com
DigiCert SHA2 High Assurance Server CA		 2019-10-22 -
2021-10-01		 2 years crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA		 2018-01-09 -
2021-02-12		 3 years crt.sh
www.googleadservices.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.doubleclick.net
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-09-03 -
2020-11-26		 3 months crt.sh
www.google.com
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-08-26 -
2020-11-18		 3 months crt.sh
sc.natwest.com
COMODO RSA Organization Validation Secure Server CA		 2020-04-28 -
2021-08-05		 a year crt.sh

This page contains 3 frames:

Primary Page: https://applink.natwest.com/text-mobile-application/traffic
Frame ID: EF7E0CF998C27437F47A3890AB870D66
Requests: 22 HTTP requests in this frame

Frame: https://4318015.fls.doubleclick.net/activityi;dc_pre=COTb2r3E_-sCFT_IuwgdRfIDyw;src=4318015;type=mob_app;cat=app_sta;ord=1;num=3089504154495;gtm=2onas3;auiddc=379294031.1600872953;~oref=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic
Frame ID: 4CA84627DFA14C5C459384B35FDD3F68
Requests: 1 HTTP requests in this frame

Frame: https://rbs.demdex.net/dest5.html?d_nsid=0
Frame ID: A8CB8D40A66F030B2DA9862A9EAAE18D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

24
Requests

100 %
HTTPS

36 %
IPv6

8
Domains

11
Subdomains

10
IPs

6
Countries

238 kB
Transfer

578 kB
Size

13
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=C50417FE52CB33480A490D4C%40AdobeOrg&d_nsid=0&ts=1600872953171 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=C50417FE52CB33480A490D4C%40AdobeOrg&d_nsid=0&ts=1600872953171
Request Chain 14
  • https://4318015.fls.doubleclick.net/activityi;src=4318015;type=mob_app;cat=app_sta;ord=1;num=3089504154495;gtm=2onas3;auiddc=379294031.1600872953;~oref=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic HTTP 302
  • https://4318015.fls.doubleclick.net/activityi;dc_pre=COTb2r3E_-sCFT_IuwgdRfIDyw;src=4318015;type=mob_app;cat=app_sta;ord=1;num=3089504154495;gtm=2onas3;auiddc=379294031.1600872953;~oref=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic
Request Chain 21
  • https://cm.everesttech.net/cm/dd?d_uuid=45277733690828573432094965891835924167 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=X2th_QAABtEGXRTJ

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request traffic
applink.natwest.com/text-mobile-application/ 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
a049ec9a42756ab01d1b038287980cf692aa709840a960df5c1656704a7e5e07
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Host
applink.natwest.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
X-FRAME-OPTIONS
SAMEORIGIN
Date
Wed, 23 Sep 2020 14:55:52 GMT
Content-Length
2587
Strict-Transport-Security
max-age=16070400; includeSubDomains
Site.css
applink.natwest.com/CSS/ 		7 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://applink.natwest.com/CSS/Site.css
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
6fc07fcb4d68431f05f01510d116784b25a56d29808d5be2a020f1b5663dec62
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:55:52 GMT
Content-Encoding
gzip
Last-Modified
Thu, 13 Aug 2020 16:41:35 GMT
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"fd5f7b9b9071d61:0"
Vary
Accept-Encoding
Content-Type
text/css
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
2397
jquery-3.5.1.min.js
applink.natwest.com/Scripts/ 		87 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://applink.natwest.com/Scripts/jquery-3.5.1.min.js
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:55:52 GMT
Content-Encoding
gzip
Last-Modified
Thu, 13 Aug 2020 16:41:35 GMT
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"a34b879b9071d61:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
39750
Radio.js
applink.natwest.com/Scripts/ 		6 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://applink.natwest.com/Scripts/Radio.js
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
756303a56c48a21fbaaf1e61835442785127246948f28ccaedb9913d50adbfc7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:57:20 GMT
Last-Modified
Thu, 13 Aug 2020 16:41:35 GMT
ETag
"3deb609b9071d61:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
X-name
iis3
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
6610
Cufon.js
applink.natwest.com/Scripts/ 		18 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://applink.natwest.com/Scripts/Cufon.js
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
27d7d958c79fe067447031f573e4b3296a3021169f6f7668fedddbdd7390a158
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:57:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 13 Aug 2020 16:41:37 GMT
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"726f199d9071d61:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
9041
NatWest_New_400.font.js
applink.natwest.com/Scripts/ 		16 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://applink.natwest.com/Scripts/NatWest_New_400.font.js
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
98f06f9019d2ced9498b8a010d5df4fcc8581e1767c4252f10649866c694e801
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:55:52 GMT
Content-Encoding
gzip
Last-Modified
Thu, 13 Aug 2020 16:41:35 GMT
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"c5d4909b9071d61:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
8692
satelliteLib-a41e7a3d82e01b161c1dd052d1371d6c6914d89c.js
assets.adobedtm.com/5165c8c319825f6ec3fb78d0a8dcc1054ab35a3d/ 		321 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/5165c8c319825f6ec3fb78d0a8dcc1054ab35a3d/satelliteLib-a41e7a3d82e01b161c1dd052d1371d6c6914d89c.js
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:59b::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
6e0db90cb27d4e8e5354455e041722dba6e51150aefd7d644473610ab3a1e64a

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:55:53 GMT
content-encoding
gzip
last-modified
Tue, 02 Jun 2020 09:05:56 GMT
server
AkamaiNetStorage
status
200
etag
"f00bda28efdb5b0598ed930c80bf98d4:1591088756.685991"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://applink.natwest.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Sep 2020 15:55:53 GMT
clear.gif
applink.natwest.com/Images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://applink.natwest.com/Images/clear.gif
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
4b8be0bb35121bf4025809030ebd64b2963591f22477906bfebe3619c25c26a2
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:55:52 GMT
Last-Modified
Thu, 13 Aug 2020 16:41:35 GMT
ETag
"37e9849b9071d61:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/gif
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
1095
android.jpg
applink.natwest.com/Images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://applink.natwest.com/Images/android.jpg
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
0d71b02a9b8114c3617a264c0b65553159d8466966f6e9b73587cbf9f07ffe35
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:55:52 GMT
Last-Modified
Thu, 13 Aug 2020 16:41:35 GMT
ETag
"af24809b9071d61:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
4280
ios.jpg
applink.natwest.com/Images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://applink.natwest.com/Images/ios.jpg
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
b6e1192e4923acce56f8d44fddde36714802cc1b24ff8feb9644daebf8c2bd71
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:55:52 GMT
Last-Modified
Thu, 13 Aug 2020 16:41:35 GMT
ETag
"37e9849b9071d61:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
4759
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=C50417FE52CB33480A490D4C%40AdobeOrg&d_nsid=0&ts=1600872953171
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=C50417FE52CB33480A490D4C%40AdobeOrg&d_nsid=0&ts=1600872953171
2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=C50417FE52CB33480A490D4C%40AdobeOrg&d_nsid=0&ts=1600872953171
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.49.247 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-49-247.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2dffda62317ecbc26b208ebf6dfc561744ef3e079d205470708d321ae3c1eb19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v081-01b2f7528.edge-irl1.demdex.com 5.78.0.20200908113611 2ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
QXjySRKPS84=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://applink.natwest.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
864
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://applink.natwest.com
X-TID
V4wrM+OaTc8=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=C50417FE52CB33480A490D4C%40AdobeOrg&d_nsid=0&ts=1600872953171
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/ 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/5165c8c319825f6ec3fb78d0a8dcc1054ab35a3d/satelliteLib-a41e7a3d82e01b161c1dd052d1371d6c6914d89c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:59b::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
adfcb165c69213b0aba3c64bc549f7ff156ec82110fb8ef144b1d16ebc13b04a

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:55:53 GMT
content-encoding
gzip
last-modified
Tue, 10 Mar 2020 22:29:22 GMT
server
AkamaiNetStorage
status
200
etag
"42fa244f36955eedb3cd8ade6f492bf6:1583879362.816163"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://applink.natwest.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
13342
expires
Wed, 23 Sep 2020 15:55:53 GMT
nw_logo.jpg
applink.natwest.com/images/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://applink.natwest.com/images/nw_logo.jpg
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/CSS/Site.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
0cf8253d6243466672674d4cfa5c9a7b4ec71cbf46c06bbfae1e7c2ff15e2f18
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/CSS/Site.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:55:52 GMT
Last-Modified
Thu, 13 Aug 2020 16:41:35 GMT
ETag
"37e9849b9071d61:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
7242
get_button.png
applink.natwest.com/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://applink.natwest.com/images/get_button.png
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/CSS/Site.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
109.234.206.55 Fulham, United Kingdom, ASN31727 (NODE4-AS, GB),
Reverse DNS
Software
/
Resource Hash
a8f959787416d52451be7fff4fb7f6655b3aea5287f4b467b7fc5e42e652c7da
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://applink.natwest.com/CSS/Site.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 23 Sep 2020 14:57:20 GMT
Last-Modified
Thu, 13 Aug 2020 16:41:34 GMT
ETag
"553a509b9071d61:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
X-name
iis3
Strict-Transport-Security
max-age=16070400; includeSubDomains
Accept-Ranges
bytes
Content-Length
2696
conversion_async.js
www.googleadservices.com/pagead/ 		29 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:55:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11311
x-xss-protection
0
server
cafe
etag
12833363978352728442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 23 Sep 2020 14:55:53 GMT
activityi;dc_pre=COTb2r3E_-sCFT_IuwgdRfIDyw;src=4318015;type=mob_app;cat=app_sta;ord=1;num=3089504154495;gtm=2onas3;auiddc=379294031.1600872953;~oref=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile...
4318015.fls.doubleclick.net/ Frame 4CA8
Redirect Chain
  • https://4318015.fls.doubleclick.net/activityi;src=4318015;type=mob_app;cat=app_sta;ord=1;num=3089504154495;gtm=2onas3;auiddc=379294031.1600872953;~oref=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobi...
  • https://4318015.fls.doubleclick.net/activityi;dc_pre=COTb2r3E_-sCFT_IuwgdRfIDyw;src=4318015;type=mob_app;cat=app_sta;ord=1;num=3089504154495;gtm=2onas3;auiddc=379294031.1600872953;~oref=https%3A%2F...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://4318015.fls.doubleclick.net/activityi;dc_pre=COTb2r3E_-sCFT_IuwgdRfIDyw;src=4318015;type=mob_app;cat=app_sta;ord=1;num=3089504154495;gtm=2onas3;auiddc=379294031.1600872953;~oref=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic?
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
216.58.208.38 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f38.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
4318015.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=COTb2r3E_-sCFT_IuwgdRfIDyw;src=4318015;type=mob_app;cat=app_sta;ord=1;num=3089504154495;gtm=2onas3;auiddc=379294031.1600872953;~oref=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://applink.natwest.com/text-mobile-application/traffic
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
about:blank

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Wed, 23 Sep 2020 14:55:53 GMT
expires
Wed, 23 Sep 2020 14:55:53 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
353
x-xss-protection
0
set-cookie
IDE=AHWqTUmTW6kg6SdOlwC7N8N-Sfs9rYMz6bHqb9Iwg2SzJK24ZLA50yJmu_y7WTVD; expires=Mon, 18-Oct-2021 14:55:53 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Wed, 23 Sep 2020 14:55:53 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://4318015.fls.doubleclick.net/activityi;dc_pre=COTb2r3E_-sCFT_IuwgdRfIDyw;src=4318015;type=mob_app;cat=app_sta;ord=1;num=3089504154495;gtm=2onas3;auiddc=379294031.1600872953;~oref=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
AppMeasurement_Module_AudienceManagement.min.js
assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/ 		25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement_Module_AudienceManagement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/5165c8c319825f6ec3fb78d0a8dcc1054ab35a3d/satelliteLib-a41e7a3d82e01b161c1dd052d1371d6c6914d89c.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:59b::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7037e102057d591d9adf205fef096b6bc5f05927a92abfba941bf501fb206500

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 14:55:53 GMT
content-encoding
gzip
last-modified
Tue, 10 Mar 2020 22:29:23 GMT
server
AkamaiNetStorage
status
200
etag
"ded8555987db3b546f5ba6ed52f81b8d:1583879363.172979"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://applink.natwest.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
8762
expires
Wed, 23 Sep 2020 15:55:53 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/968070952/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/968070952/?random=1600872953262&cv=9&fst=1600872953262&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2onas3&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic&tiba=NatWest%20-%20Mobile%20Banking&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6ec57315e088acae1da424cbeb31b81aee3faa72ab5bccaa9665d1780a683d7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Sep 2020 14:55:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1049
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/968070952/ 		42 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/968070952/?random=1600872953262&cv=9&fst=1600869600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2onas3&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic&tiba=NatWest%20-%20Mobile%20Banking&async=1&fmt=3&is_vtc=1&random=3032607700&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Sep 2020 14:55:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/968070952/ 		42 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/968070952/?random=1600872953262&cv=9&fst=1600869600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2onas3&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic&tiba=NatWest%20-%20Mobile%20Banking&async=1&fmt=3&is_vtc=1&random=3032607700&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Sep 2020 14:55:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Cookie set dest5.html
rbs.demdex.net/ Frame A8CB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://rbs.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/5165c8c319825f6ec3fb78d0a8dcc1054ab35a3d/satelliteLib-a41e7a3d82e01b161c1dd052d1371d6c6914d89c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.138.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-138-93.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
rbs.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://applink.natwest.com/text-mobile-application/traffic
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=45277733690828573432094965891835924167
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://applink.natwest.com/text-mobile-application/traffic

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Wed, 09 Sep 2020 13:51:28 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=45277733690828573432094965891835924167;Path=/;Domain=.demdex.net;Expires=Mon, 22-Mar-2021 14:55:53 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
DGddaZhmTX0=
Content-Length
2785
Connection
keep-alive
id
sc.natwest.com/ 		48 B
489 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sc.natwest.com/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=C50417FE52CB33480A490D4C%40AdobeOrg&mid=37186242541453747691178822203041670025&ts=1600872953355
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/5165c8c319825f6ec3fb78d0a8dcc1054ab35a3d/satelliteLib-a41e7a3d82e01b161c1dd052d1371d6c6914d89c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
bb1bb15807072274a8139de037ccb282d154b29d67d5eb1284ed6500d1b5a611
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Wed, 23 Sep 2020 14:55:53 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-56f8f7c86-q4dhw
vary
Origin
x-c
master-1373.I81f5a0.M0-452
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://applink.natwest.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=X2th_QAABtEGXRTJ
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=45277733690828573432094965891835924167
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=X2th_QAABtEGXRTJ
42 B
915 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X2th_QAABtEGXRTJ
Requested by
Host: applink.natwest.com
URL: https://applink.natwest.com/text-mobile-application/traffic
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.248.49.247 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-49-247.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v081-07819e633.edge-irl1.demdex.com 5.78.0.20200908113611 1ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
Wy8Lg0pUTWk=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Wed, 23 Sep 2020 14:55:52 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X2th_QAABtEGXRTJ
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
s83501212991697
sc.natwest.com/b/ss/rbsglobretailprod/10/JS-2.20.0-LATI/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc.natwest.com/b/ss/rbsglobretailprod/10/JS-2.20.0-LATI/s83501212991697?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=23%2F8%2F2020%2016%3A55%3A53%203%20-120&d.&nsid=0&jsonv=1&.d&mid=37186242541453747691178822203041670025&aamlh=6&ce=UTF-8&ns=royalbankofscotland&cdp=2&fpCookieDomainPeriods=2&pageName=CATEGORY%3APersonal%3EGetMobileBanking%3ETextMeTheApp%3EDefault&g=https%3A%2F%2Fapplink.natwest.com%2Ftext-mobile-application%2Ftraffic&c.&cm.&ssf=0&.cm&.c&cc=GBP&server=Applink&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=D%3Dch&c5=applink.natwest.com&v5=NatWest&c6=applink.natwest.com%2Ftext-mobile-application%2Ftraffic&v20=C0001%3D1%2CC0009%3D1%2CC0003%3D1%2CC0002%3D1%2CC0004%3D1%2C&c25=AA%3A2.20.0%7CAT%3A%20Not%20Installed%7CECID%3A4.6.0%7CAAM%3A4.6.0%7CLAUNCH%3A2020-06-02T09%3A05%3A43Z%7CTS%3Asc.natwest.com&v31=Text%20Me%20The%20App%20Tool&v55=D%3DpageName&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=C50417FE52CB33480A490D4C%40AdobeOrg&AQE=1
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-175-233.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
540fd62cd69864410cb61729780c4db23eb9035444dcea35b2ead5da2dabfebe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://applink.natwest.com/text-mobile-application/traffic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-aam-tid
KSyBVYE6TRY=
date
Wed, 23 Sep 2020 14:55:53 GMT
x-content-type-options
nosniff
x-c
master-1373.I81f5a0.M0-452
p3p
CP="This is not a P3P policy"
status
200
content-length
2193
x-xss-protection
1; mode=block
dcs
dcs-prod-irl1-v081-0ef7259d9.edge-irl1.demdex.com 5.78.0.20200908113611 6ms (+1ms)
pragma
no-cache
last-modified
Thu, 24 Sep 2020 14:55:53 GMT
server
jag
xserver
anedge-56f8f7c86-q9z2q
etag
3437848489178267648-4621691473346058567
vary
*
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 22 Sep 2020 14:55:53 GMT

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery string| checkboxHeight string| radioHeight string| selectWidth object| Custom function| Cufon object| tmParam object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor string| OptanonActiveGroups string| OnetrustActiveGroups object| s_c_il number| s_c_in string| tmp_pageName function| checkNumbers function| checkNumber object| google_tag_manager object| dataLayer function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| AppMeasurement_Module_AudienceManagement function| DIL object| s_i_rbsglobretailprod number| a

13 Cookies

Domain/Path Name / Value
.demdex.net/ Name: dextp
Value: 445-1-1600872953523
.demdex.net/ Name: demdex
Value: 45277733690828573432094965891835924167
.natwest.com/ Name: AMCV_C50417FE52CB33480A490D4C%40AdobeOrg
Value: -408604571%7CMCIDTS%7C18529%7CMCMID%7C37186242541453747691178822203041670025%7CMCAAMLH-1601477753%7C6%7CMCAAMB-1601477753%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1600880153s%7CNONE%7CMCSYNCSOP%7C411-18536%7CMCAID%7CNONE%7CvVersion%7C4.6.0
.natwest.com/ Name: s_cc
Value: true
.doubleclick.net/ Name: IDE
Value: AHWqTUmTW6kg6SdOlwC7N8N-Sfs9rYMz6bHqb9Iwg2SzJK24ZLA50yJmu_y7WTVD
.natwest.com/ Name: s2_nr
Value: 1600872953485-New
.natwest.com/ Name: gpv_pu
Value: no%20value
.natwest.com/ Name: gpv_pn
Value: CATEGORY%3APersonal%3EGetMobileBanking%3ETextMeTheApp%3EDefault
.natwest.com/ Name: _gcl_au
Value: 1.1.379294031.1600872953
.natwest.com/ Name: s_ecid
Value: MCMID%7C37186242541453747691178822203041670025
.applink.natwest.com/ Name: aam_did
Value: 45277733690828573432094965891835924167
.natwest.com/ Name: AMCVS_C50417FE52CB33480A490D4C%40AdobeOrg
Value: 1
.natwest.com/ Name: OptanonConsent
Value: groups=C0001:1,C0002:1,C0003:1,C0004:1,C0009:1&y1hosts=

1 Console Messages

Source Level URL
Text
console-api log URL: https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement_Module_AudienceManagement.min.js(Line 2)
Message:
visitor.publishDestinations() result: The destination publishing iframe is already attached and loaded.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4318015.fls.doubleclick.net
applink.natwest.com
assets.adobedtm.com
cm.everesttech.net
dpm.demdex.net
googleads.g.doubleclick.net
rbs.demdex.net
sc.natwest.com
www.google.com
www.google.de
www.googleadservices.com
109.234.206.55
15.236.175.233
172.217.23.162
216.58.208.38
2a00:1450:4001:818::2003
2a00:1450:4001:820::2002
2a00:1450:4001:824::2004
2a02:26f0:10c:59b::1e80
34.248.49.247
52.49.138.93
66.117.28.86
0cf8253d6243466672674d4cfa5c9a7b4ec71cbf46c06bbfae1e7c2ff15e2f18
0d71b02a9b8114c3617a264c0b65553159d8466966f6e9b73587cbf9f07ffe35
27d7d958c79fe067447031f573e4b3296a3021169f6f7668fedddbdd7390a158
2dffda62317ecbc26b208ebf6dfc561744ef3e079d205470708d321ae3c1eb19
4b8be0bb35121bf4025809030ebd64b2963591f22477906bfebe3619c25c26a2
540fd62cd69864410cb61729780c4db23eb9035444dcea35b2ead5da2dabfebe
6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b
6e0db90cb27d4e8e5354455e041722dba6e51150aefd7d644473610ab3a1e64a
6ec57315e088acae1da424cbeb31b81aee3faa72ab5bccaa9665d1780a683d7d
6fc07fcb4d68431f05f01510d116784b25a56d29808d5be2a020f1b5663dec62
7037e102057d591d9adf205fef096b6bc5f05927a92abfba941bf501fb206500
756303a56c48a21fbaaf1e61835442785127246948f28ccaedb9913d50adbfc7
98f06f9019d2ced9498b8a010d5df4fcc8581e1767c4252f10649866c694e801
a049ec9a42756ab01d1b038287980cf692aa709840a960df5c1656704a7e5e07
a8f959787416d52451be7fff4fb7f6655b3aea5287f4b467b7fc5e42e652c7da
adfcb165c69213b0aba3c64bc549f7ff156ec82110fb8ef144b1d16ebc13b04a
b6e1192e4923acce56f8d44fddde36714802cc1b24ff8feb9644daebf8c2bd71
bb1bb15807072274a8139de037ccb282d154b29d67d5eb1284ed6500d1b5a611
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b