auth.nelnetbank.velocity.nelnet.io Open in urlscan Pro
2606:4700::6812:acc Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank
Effective URL:
https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=b2603ba9f40544779e8aaa915a12603b&tenant=nelnetbank
Submission: On July 12 via api (July 12th 2023, 3:16:54 pm UTC) from IE — Scanned from DE

Summary HTTP 58 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 9 domains to perform 58 HTTP transactions. The main IP is 2606:4700::6812:acc, located in United States and belongs to CLOUDFLARENET, US. The main domain is auth.nelnetbank.velocity.nelnet.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 18th 2023. Valid for: a year.

This is the only time auth.nelnetbank.velocity.nelnet.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 24	2606:4700::68... 2606:4700::6812:acc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	35.201.112.186 35.201.112.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:223... 2600:9000:223f:3c00:1f:aa31:7740:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:bcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:1f18:24e... 2600:1f18:24e6:b902:a1bc:5be6:b86c:6c2a	14618 (AMAZON-AES) (AMAZON-AES)
2	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE)
3	34.149.155.70 34.149.155.70	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
58	14

24 2606:4700::6812:acc (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

auth.nelnetbank.velocity.nelnet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.velocity.nelnet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com

edge.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:3c00:1f:aa31:7740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:bcc (United States)

ASN13335 (CLOUDFLARENET, US)

chat.nelnetbank.velocity.nelnet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b902:a1bc:5be6:b86c:6c2a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rum.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.149.155.70 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 70.155.149.34.bc.googleusercontent.com

data.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	nelnet.io 3 redirects auth.nelnetbank.velocity.nelnet.io api.velocity.nelnet.io chat.nelnetbank.velocity.nelnet.io	1 MB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63 region1.google-analytics.com — Cisco Umbrella Rank: 1623	21 KB
4	pendo.io cdn.pendo.io — Cisco Umbrella Rank: 1108 data.pendo.io — Cisco Umbrella Rank: 994	142 KB
4	fullstory.com edge.fullstory.com — Cisco Umbrella Rank: 2232 rs.fullstory.com — Cisco Umbrella Rank: 2059	71 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 88	2 KB
2	gstatic.com fonts.gstatic.com	138 KB
2	browser-intake-datadoghq.com rum.browser-intake-datadoghq.com — Cisco Umbrella Rank: 2413
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	157 KB
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 130	359 B
58	9

	Domain	Requested by
16	api.velocity.nelnet.io	2 redirects auth.nelnetbank.velocity.nelnet.io
8	auth.nelnetbank.velocity.nelnet.io	1 redirects auth.nelnetbank.velocity.nelnet.io
4	fonts.googleapis.com	auth.nelnetbank.velocity.nelnet.io chat.nelnetbank.velocity.nelnet.io
3	data.pendo.io	cdn.pendo.io
3	chat.nelnetbank.velocity.nelnet.io	auth.nelnetbank.velocity.nelnet.io chat.nelnetbank.velocity.nelnet.io
3	www.google-analytics.com	www.googletagmanager.com auth.nelnetbank.velocity.nelnet.io
2	fonts.gstatic.com	fonts.googleapis.com
2	rs.fullstory.com	auth.nelnetbank.velocity.nelnet.io edge.fullstory.com
2	rum.browser-intake-datadoghq.com	auth.nelnetbank.velocity.nelnet.io chat.nelnetbank.velocity.nelnet.io
2	region1.google-analytics.com	www.googletagmanager.com
2	www.googletagmanager.com	auth.nelnetbank.velocity.nelnet.io www.googletagmanager.com
2	edge.fullstory.com	auth.nelnetbank.velocity.nelnet.io
1	stats.g.doubleclick.net	auth.nelnetbank.velocity.nelnet.io
1	cdn.pendo.io	auth.nelnetbank.velocity.nelnet.io
58	14

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-18` - `2024-04-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
edge.fullstory.com GTS CA 1D4	`2023-05-27` - `2023-08-25`	3 months	crt.sh
cdn.pendo.io Amazon RSA 2048 M02	`2023-06-30` - `2024-07-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.browser-intake-datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-17` - `2024-06-18`	a year	crt.sh
rs.fullstory.com GTS CA 1D4	`2023-05-21` - `2023-08-19`	3 months	crt.sh
pendo.io GTS CA 1D4	`2023-06-16` - `2023-09-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=b2603ba9f40544779e8aaa915a12603b&tenant=nelnetbank
Frame ID: 5858BF48535CD110529884D6D08318F7
Requests: 43 HTTP requests in this frame

Frame: https://auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/556d0c9f/invisible.js
Frame ID: 5F443E0AB41A949B87F2DC3A88CC8B18
Requests: 2 HTTP requests in this frame

Frame: https://chat.nelnetbank.velocity.nelnet.io/chat
Frame ID: 0834C05BFB39140A304864286339B25A
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank Page URL
https://api.velocity.nelnet.io/v4/iam/oauth2/auth?redirect_uri=https%3A%2F%2Fauth.nelnetbank.velocity.nelne... HTTP 302
https://api.velocity.nelnet.io/v4/iam/oauth2/redirect?login_challenge=b2603ba9f40544779e8aaa915a12603b&real... HTTP 302
https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=b2603ba9f40544779e8aaa915a12603b&tenant=nelnetbank Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

58
Requests

81 %
HTTPS

77 %
IPv6

9
Domains

14
Subdomains

14
IPs

3
Countries

1845 kB
Transfer

5911 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank Page URL
https://api.velocity.nelnet.io/v4/iam/oauth2/auth?redirect_uri=https%3A%2F%2Fauth.nelnetbank.velocity.nelnet.io%2Fcallback&client_id=nelnetbank-auth-app&response_type=code&state=y5-7DJMZvk7IQQMSWAb9-FPqoHMhF2X6061wqaix7Pt1tGtlkYLwdg&scope=openid&access_type=offline&tenant=nelnetbank&realm=default&code_challenge=L7tDOZMJOvHi_z1Q7cYN1koEXZengfP43yb1siLkZEE&code_challenge_method=S256 HTTP 302
https://api.velocity.nelnet.io/v4/iam/oauth2/redirect?login_challenge=b2603ba9f40544779e8aaa915a12603b&realm=default&tenant=nelnetbank HTTP 302
https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=b2603ba9f40544779e8aaa915a12603b&tenant=nelnetbank Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/556d0c9f/invisible.js

58 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK sign-in Show response
auth.nelnetbank.velocity.nelnet.io/ 3 KB
2 KB 943ms
814ms Document
text/html 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e896acdeada4b5d61a05ce808ed6b51211515a27bf037a9b7023b1596763d011

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' blob: localhost https://chat.nelnetbank.velocity.nelnet.io ; object-src 'self' blob:;
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3fd2f9b503b0-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: frame-src 'self' blob: localhost https://chat.nelnetbank.velocity.nelnet.io ; object-src 'self' blob:;
Content-Type: text/html; charset=utf-8
Date: Wed, 12 Jul 2023 15:16:47 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Request-ID: 88e43f67-f026-45a7-b84d-89ed2a502565
X-XSS-Protection: 1; mode=block

GET
H2 200 icon
fonts.googleapis.com/ 569 B
775 B 146ms
50ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Jul 2023 15:16:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 15:16:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Jul 2023 15:16:48 GMT

GET
H/1.1 200
OK vendors-2f3a904c5ab2dc45a314.js Show response
auth.nelnetbank.velocity.nelnet.io/_static/ 2 MB
591 KB 690ms
689ms Script
application/javascript 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80e2dbe2ce5f3cbf121ce2437920c0703c99e15fdbebc2aeb6b87a74b0f1d538

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:48 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Thu, 01 Jun 2023 17:32:47 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
ETag: W/"208e51-1887804e618"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=30
Connection: keep-alive
CF-RAY: 7e5a3fd8289703b0-FRA
X-Request-ID: 60eae3c0-7dc1-4fb7-9d1c-6f8922f9f758
Expires: Wed, 12 Jul 2023 15:17:18 GMT

GET
H/1.1 200
OK application-2f3a904c5ab2dc45a314.js Show response
auth.nelnetbank.velocity.nelnet.io/_static/ 162 KB
44 KB 767ms
681ms Script
application/javascript 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.nelnetbank.velocity.nelnet.io/_static/application-2f3a904c5ab2dc45a314.js

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

316b17317b58a63bb00090026803efd8c138bcd21556ce28182cf7c0f1a5c03d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:48 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Thu, 01 Jun 2023 17:32:47 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
ETag: W/"287f2-1887804e618"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=30
Connection: keep-alive
CF-RAY: 7e5a3fd8ab2f917c-FRA
X-Request-ID: bd6607b9-c260-4086-b318-8b2fc3d647a6
Expires: Wed, 12 Jul 2023 15:17:18 GMT

POST
H/1.1 200
OK requestClientToken Show response
auth.nelnetbank.velocity.nelnet.io/ 4 KB
2 KB 374ms
374ms XHR
application/json 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.nelnetbank.velocity.nelnet.io/requestClientToken

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2cb6839fff67255036283dbc3a865203cf0eec086cb1ddc23b7b7fb9b1d1270

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:49 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
ETag: W/"eb0-eaIGfnXtQVTCaxU/9f6A/Sawkik"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Connection: keep-alive
CF-RAY: 7e5a3fe20c6103b0-FRA
X-Request-ID: 822aa24e-3c1c-4fd9-9a73-a6ce69384809

GET
H2 200 css
fonts.googleapis.com/ 6 KB
812 B 52ms
52ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600&display=swap

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d3743c6f1dd7dbe1a3677bc1304a36ea74dca1aeb1c5a687cfd4cdf5574e9925

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Jul 2023 15:16:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 14:48:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Jul 2023 15:16:49 GMT

GET
H/1.1

200
OK

invisible.js Show response
auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/556d0c9f/ Frame 5F44
Redirect Chain

https://auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/scripts/invisible.js
https://auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/556d0c9f/invisible.js

7 KB
4 KB

51ms
51ms

Script
application/javascript

2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/h/b/scripts/jsd/556d0c9f/invisible.js

Protocol

HTTP/1.1

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2ee90c0094e1757b16d20f121e71fe6d541986a0f1aeef0dbf4820e57917933

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Server: cloudflare
Transfer-Encoding: chunked
vary: accept-encoding
Content-Type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
Connection: keep-alive
CF-RAY: 7e5a3fe298ae917c-FRA

Redirect headers

Date: Wed, 12 Jul 2023 15:16:49 GMT
content-encoding: gzip
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Server: cloudflare
Transfer-Encoding: chunked
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/556d0c9f/invisible.js
cache-control: max-age=300, public
Connection: keep-alive
CF-RAY: 7e5a3fe24819917c-FRA

POST
H/1.1 200
OK 7e5a3fd2f9b503b0 Show response
auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 5F44 0
620 B 95ms
95ms XHR
text/plain 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/h/b/cv/result/7e5a3fd2f9b503b0

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/cdn-cgi/challenge-platform/scripts/invisible.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 12 Jul 2023 15:16:49 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Content-Encoding: gzip
Server: cloudflare
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Connection: keep-alive
CF-RAY: 7e5a3fe389e8917c-FRA

OPTIONS
H/1.1 204
No Content getScreen
api.velocity.nelnet.io/v6/xpmManager/ Frame 0
0 881ms
744ms Preflight 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v6/xpmManager/getScreen?channel=default&domain=auth.nelnetbank.velocity.nelnet.io&screenId=sign-in

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://auth.nelnetbank.velocity.nelnet.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 3600
CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3fe55d141a6d-FRA
Connection: keep-alive
Content-Length: 0
Date: Wed, 12 Jul 2023 15:16:50 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Request-ID: f7b097f0-4a82-44fa-a4ad-8598a6fcdf31
access-control-allow-headers: Access-Control-Allow-Headers,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization

GET
H/1.1 200
OK getScreen Show response
api.velocity.nelnet.io/v6/xpmManager/ 18 KB
6 KB 340ms
340ms XHR
application/json 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v6/xpmManager/getScreen?channel=default&domain=auth.nelnetbank.velocity.nelnet.io&screenId=sign-in

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ce9d7e6fc68a11f26bd655270de9856175e91416ccf74661afba25ef9b4d27b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFjY2Vzczpwcm9kOjIwMjMwNDA1In0.eyJqdGkiOiI1MWZiYjQ0Yi04MGMwLTRiMzctODY4My1kNTNhYWQ2ZGJmYzIiLCJpbm5lciI6Im85N2FpREJiLWtPQnpmcDFrcFl1bS1UbW16OVV6Vkc0U2FzSm1fdlRVOGsucUVWMVF3NmtQMHNTcF9ZaHU4QTVGelZoS0xQcHZtTjMzWlotT2xCQXVGayIsImdyYW50IjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo0NDQ0IiwicmVhbG0iOiJkZWZhdWx0IiwicGVybWlzc2lvbnMiOlsiKi54cG1NZWRpYS5kb3dubG9hZCIseyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEFwcGxpY2F0aW9uQnlEb21haW4iLCJiZWZvcmUiOiJvbmx5QWxsb3dlZERvbWFpbnMifSx7ImFjdGlvbiI6InY2LnhwbU1hbmFnZXIuZ2V0U2NyZWVuIiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEZyYWdtZW50IiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZ2V0IiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjUuZW50aXR5LmZpbmRPbmUiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZmluZCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cGRhdGUiLCJiZWZvcmUiOiJvbmx5Q3VzdG9tZXJFbnRpdHkifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cHNlcnQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuYWRkIiwiYmVmb3JlIjoib25seUN1c3RvbWVyRW50aXR5In0seyJhY3Rpb24iOiJ2NC5xdWVyeS5maW5kIiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5pbnNwZWN0IiwiYmVmb3JlIjoib25seVB1YmxpY0Zsb3dzIn0seyJhY3Rpb24iOiJ2Mi5jb25maWd1cmF0aW9uLmdldCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY0LmlhbS5jcmVhdGVVc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uZ2V0VXNlciIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuaWFtLmdldFVzZXJCeUlkIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0udXNlcmluZm8iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmlhbS5hc3NpZ25Sb2xlVG9Vc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uY3JlYXRlUGFzc3dvcmRSZXNldFRva2VuIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0ucmVzZXRQYXNzd29yZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuZG9jdW1lbnRTaWduZXIuY3JlYXRlQ29uc2VudFJlcXVlc3QiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmRvY3VtZW50U2lnbmVyLmFja25vd2xlZGdlIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2My50ZW1wbGF0ZUVuZ2luZS5yZW5kZXIiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmRvY3VtZW50TWFuYWdlci51cGxvYWQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2Mi5lbWFpbERlbGl2ZXJ5LnNlbmQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsUHJvdmlkZXJTZXMuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRW1haWxEZWxpdmVyeSJ9LHsiYWN0aW9uIjoidjMudGFzay5hZGQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLnRhc2suYnVsa1Rhc2tPcGVyYXRpb24iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsRGVsaXZlcnkuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5zdGFydCIsImJlZm9yZSI6WyJvbmx5UHVibGljRmxvd3MiLCJvbmx5RnJvbVNlcnZpY2VzIl19LHsiYWN0aW9uIjoidjAuZmxvdy5yZXN1bWUiLCJiZWZvcmUiOlsib25seVB1YmxpY0Zsb3dzIiwib25seUZyb21TZXJ2aWNlcyJdfV0sInJvbGVzIjpbImFub255bW91cy11c2VyIl0sInNhdWQiOiJuZWxuZXQiLCJzcmVhbG0iOiJkZWZhdWx0IiwiaWF0IjoxNjg5MTc1MDA5LCJleHAiOjE2ODkyNjE0MDksImF1ZCI6Im5lbG5ldGJhbmsiLCJzdWIiOiJ4cG0tY2hhbm5lbC13ZWIifQ.MGPUTXlNMVTuFXbZKG_kklLUwsA2jMBmu_uc1yLhzTc9eCR5rXAIAtZkHrZoVbXVOgnl3t9PnYxeYRa45DIMCykDIEnlOdvvqU5f3u_3E5mfYymATWoLThSfLrcgelIgb8xz6u70HmAVui9AO8zPajuTz4W6u_kaIvXsW7c0yxFeuGLkGSrWLzHGoQkG11gqNEE6VKG5IFeKITRQX5xjbvtOJJTRZldqduZDRYjG-DMCdX9xPNOjWZMJfkU6b3a4C0wsEvo-9p3Q4XzuYYsCCNyQBAvdGJ7VY4OcNDA-fLqqdLJNWTVvXFuYbUtEA8ldGOvfz_2eEdjxgKGU3CUmQw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:51 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: gzip
x-permitted-cross-domain-policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Request-ID: 30d94827-2c85-404b-b4e3-1d96d7b7f431
Server: cloudflare
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
cache-control: no-store
x-frame-options: deny
x-robots-tag: none, noimageindex
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
CF-RAY: 7e5a3fe9fb631a6d-FRA

OPTIONS
H/1.1 204
No Content start
api.velocity.nelnet.io/v0/flow/ Frame 0
0 227ms
226ms Preflight 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v0/flow/start

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://auth.nelnetbank.velocity.nelnet.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 3600
CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3fec3e671a6d-FRA
Connection: keep-alive
Content-Length: 0
Date: Wed, 12 Jul 2023 15:16:51 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Request-ID: 8f826a8e-78aa-4727-99e5-15057c45119c
access-control-allow-headers: Access-Control-Allow-Headers,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization

OPTIONS
H/1.1 204
No Content getFragment
api.velocity.nelnet.io/v6/xpmManager/ Frame 0
0 830ms
744ms Preflight 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v6/xpmManager/getFragment?channel=default&domain=onboarding.nelnetbank.velocity.nelnet.io&fragmentId=layout%2Fmain

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://auth.nelnetbank.velocity.nelnet.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 3600
CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3fecdd1e1c73-FRA
Connection: keep-alive
Content-Length: 0
Date: Wed, 12 Jul 2023 15:16:52 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Request-ID: 0ce9d684-4319-43ec-b9ea-2714d3e5fe11
access-control-allow-headers: Access-Control-Allow-Headers,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization

OPTIONS
H/1.1 204
No Content getLoginInfo
api.velocity.nelnet.io/v4/iam/ Frame 0
0 812ms
727ms Preflight 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v4/iam/getLoginInfo?loginChallenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&realm=default&tenant=nelnetbank

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://auth.nelnetbank.velocity.nelnet.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 3600
CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3fecdf446945-FRA
Connection: keep-alive
Content-Length: 0
Date: Wed, 12 Jul 2023 15:16:52 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Request-ID: 96dd35f2-b4c8-4751-9135-cc6b7e4f7a85
access-control-allow-headers: Access-Control-Allow-Headers,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization

POST
H/1.1 200
OK start Show response
api.velocity.nelnet.io/v0/flow/ 170 B
1 KB 329ms
328ms XHR
application/json 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v0/flow/start

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1d3b8f90968f115f6f77168580837d3b73f06ca8cf42a234d3db46598ffa1b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFjY2Vzczpwcm9kOjIwMjMwNDA1In0.eyJqdGkiOiI1MWZiYjQ0Yi04MGMwLTRiMzctODY4My1kNTNhYWQ2ZGJmYzIiLCJpbm5lciI6Im85N2FpREJiLWtPQnpmcDFrcFl1bS1UbW16OVV6Vkc0U2FzSm1fdlRVOGsucUVWMVF3NmtQMHNTcF9ZaHU4QTVGelZoS0xQcHZtTjMzWlotT2xCQXVGayIsImdyYW50IjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo0NDQ0IiwicmVhbG0iOiJkZWZhdWx0IiwicGVybWlzc2lvbnMiOlsiKi54cG1NZWRpYS5kb3dubG9hZCIseyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEFwcGxpY2F0aW9uQnlEb21haW4iLCJiZWZvcmUiOiJvbmx5QWxsb3dlZERvbWFpbnMifSx7ImFjdGlvbiI6InY2LnhwbU1hbmFnZXIuZ2V0U2NyZWVuIiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEZyYWdtZW50IiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZ2V0IiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjUuZW50aXR5LmZpbmRPbmUiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZmluZCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cGRhdGUiLCJiZWZvcmUiOiJvbmx5Q3VzdG9tZXJFbnRpdHkifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cHNlcnQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuYWRkIiwiYmVmb3JlIjoib25seUN1c3RvbWVyRW50aXR5In0seyJhY3Rpb24iOiJ2NC5xdWVyeS5maW5kIiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5pbnNwZWN0IiwiYmVmb3JlIjoib25seVB1YmxpY0Zsb3dzIn0seyJhY3Rpb24iOiJ2Mi5jb25maWd1cmF0aW9uLmdldCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY0LmlhbS5jcmVhdGVVc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uZ2V0VXNlciIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuaWFtLmdldFVzZXJCeUlkIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0udXNlcmluZm8iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmlhbS5hc3NpZ25Sb2xlVG9Vc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uY3JlYXRlUGFzc3dvcmRSZXNldFRva2VuIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0ucmVzZXRQYXNzd29yZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuZG9jdW1lbnRTaWduZXIuY3JlYXRlQ29uc2VudFJlcXVlc3QiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmRvY3VtZW50U2lnbmVyLmFja25vd2xlZGdlIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2My50ZW1wbGF0ZUVuZ2luZS5yZW5kZXIiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmRvY3VtZW50TWFuYWdlci51cGxvYWQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2Mi5lbWFpbERlbGl2ZXJ5LnNlbmQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsUHJvdmlkZXJTZXMuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRW1haWxEZWxpdmVyeSJ9LHsiYWN0aW9uIjoidjMudGFzay5hZGQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLnRhc2suYnVsa1Rhc2tPcGVyYXRpb24iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsRGVsaXZlcnkuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5zdGFydCIsImJlZm9yZSI6WyJvbmx5UHVibGljRmxvd3MiLCJvbmx5RnJvbVNlcnZpY2VzIl19LHsiYWN0aW9uIjoidjAuZmxvdy5yZXN1bWUiLCJiZWZvcmUiOlsib25seVB1YmxpY0Zsb3dzIiwib25seUZyb21TZXJ2aWNlcyJdfV0sInJvbGVzIjpbImFub255bW91cy11c2VyIl0sInNhdWQiOiJuZWxuZXQiLCJzcmVhbG0iOiJkZWZhdWx0IiwiaWF0IjoxNjg5MTc1MDA5LCJleHAiOjE2ODkyNjE0MDksImF1ZCI6Im5lbG5ldGJhbmsiLCJzdWIiOiJ4cG0tY2hhbm5lbC13ZWIifQ.MGPUTXlNMVTuFXbZKG_kklLUwsA2jMBmu_uc1yLhzTc9eCR5rXAIAtZkHrZoVbXVOgnl3t9PnYxeYRa45DIMCykDIEnlOdvvqU5f3u_3E5mfYymATWoLThSfLrcgelIgb8xz6u70HmAVui9AO8zPajuTz4W6u_kaIvXsW7c0yxFeuGLkGSrWLzHGoQkG11gqNEE6VKG5IFeKITRQX5xjbvtOJJTRZldqduZDRYjG-DMCdX9xPNOjWZMJfkU6b3a4C0wsEvo-9p3Q4XzuYYsCCNyQBAvdGJ7VY4OcNDA-fLqqdLJNWTVvXFuYbUtEA8ldGOvfz_2eEdjxgKGU3CUmQw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 12 Jul 2023 15:16:51 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: gzip
x-permitted-cross-domain-policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Request-ID: b2035042-f237-4b1b-a729-538acfa7a079
Server: cloudflare
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
cache-control: no-store
x-frame-options: deny
x-robots-tag: none, noimageindex
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
CF-RAY: 7e5a3feda87d1a6d-FRA

POST
H/1.1 200
OK getFragment
api.velocity.nelnet.io/v6/xpmManager/ 23 KB
7 KB 340ms
340ms XHR
application/json 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v6/xpmManager/getFragment?channel=default&domain=onboarding.nelnetbank.velocity.nelnet.io&fragmentId=layout%2Fmain

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFjY2Vzczpwcm9kOjIwMjMwNDA1In0.eyJqdGkiOiI1MWZiYjQ0Yi04MGMwLTRiMzctODY4My1kNTNhYWQ2ZGJmYzIiLCJpbm5lciI6Im85N2FpREJiLWtPQnpmcDFrcFl1bS1UbW16OVV6Vkc0U2FzSm1fdlRVOGsucUVWMVF3NmtQMHNTcF9ZaHU4QTVGelZoS0xQcHZtTjMzWlotT2xCQXVGayIsImdyYW50IjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo0NDQ0IiwicmVhbG0iOiJkZWZhdWx0IiwicGVybWlzc2lvbnMiOlsiKi54cG1NZWRpYS5kb3dubG9hZCIseyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEFwcGxpY2F0aW9uQnlEb21haW4iLCJiZWZvcmUiOiJvbmx5QWxsb3dlZERvbWFpbnMifSx7ImFjdGlvbiI6InY2LnhwbU1hbmFnZXIuZ2V0U2NyZWVuIiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEZyYWdtZW50IiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZ2V0IiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjUuZW50aXR5LmZpbmRPbmUiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZmluZCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cGRhdGUiLCJiZWZvcmUiOiJvbmx5Q3VzdG9tZXJFbnRpdHkifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cHNlcnQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuYWRkIiwiYmVmb3JlIjoib25seUN1c3RvbWVyRW50aXR5In0seyJhY3Rpb24iOiJ2NC5xdWVyeS5maW5kIiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5pbnNwZWN0IiwiYmVmb3JlIjoib25seVB1YmxpY0Zsb3dzIn0seyJhY3Rpb24iOiJ2Mi5jb25maWd1cmF0aW9uLmdldCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY0LmlhbS5jcmVhdGVVc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uZ2V0VXNlciIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuaWFtLmdldFVzZXJCeUlkIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0udXNlcmluZm8iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmlhbS5hc3NpZ25Sb2xlVG9Vc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uY3JlYXRlUGFzc3dvcmRSZXNldFRva2VuIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0ucmVzZXRQYXNzd29yZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuZG9jdW1lbnRTaWduZXIuY3JlYXRlQ29uc2VudFJlcXVlc3QiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmRvY3VtZW50U2lnbmVyLmFja25vd2xlZGdlIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2My50ZW1wbGF0ZUVuZ2luZS5yZW5kZXIiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmRvY3VtZW50TWFuYWdlci51cGxvYWQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2Mi5lbWFpbERlbGl2ZXJ5LnNlbmQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsUHJvdmlkZXJTZXMuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRW1haWxEZWxpdmVyeSJ9LHsiYWN0aW9uIjoidjMudGFzay5hZGQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLnRhc2suYnVsa1Rhc2tPcGVyYXRpb24iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsRGVsaXZlcnkuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5zdGFydCIsImJlZm9yZSI6WyJvbmx5UHVibGljRmxvd3MiLCJvbmx5RnJvbVNlcnZpY2VzIl19LHsiYWN0aW9uIjoidjAuZmxvdy5yZXN1bWUiLCJiZWZvcmUiOlsib25seVB1YmxpY0Zsb3dzIiwib25seUZyb21TZXJ2aWNlcyJdfV0sInJvbGVzIjpbImFub255bW91cy11c2VyIl0sInNhdWQiOiJuZWxuZXQiLCJzcmVhbG0iOiJkZWZhdWx0IiwiaWF0IjoxNjg5MTc1MDA5LCJleHAiOjE2ODkyNjE0MDksImF1ZCI6Im5lbG5ldGJhbmsiLCJzdWIiOiJ4cG0tY2hhbm5lbC13ZWIifQ.MGPUTXlNMVTuFXbZKG_kklLUwsA2jMBmu_uc1yLhzTc9eCR5rXAIAtZkHrZoVbXVOgnl3t9PnYxeYRa45DIMCykDIEnlOdvvqU5f3u_3E5mfYymATWoLThSfLrcgelIgb8xz6u70HmAVui9AO8zPajuTz4W6u_kaIvXsW7c0yxFeuGLkGSrWLzHGoQkG11gqNEE6VKG5IFeKITRQX5xjbvtOJJTRZldqduZDRYjG-DMCdX9xPNOjWZMJfkU6b3a4C0wsEvo-9p3Q4XzuYYsCCNyQBAvdGJ7VY4OcNDA-fLqqdLJNWTVvXFuYbUtEA8ldGOvfz_2eEdjxgKGU3CUmQw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 12 Jul 2023 15:16:52 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: gzip
x-permitted-cross-domain-policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Request-ID: 944d829d-9d5a-4358-a0c8-c4d5753fb137
Server: cloudflare
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
cache-control: no-store
x-frame-options: deny
x-robots-tag: none, noimageindex
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
CF-RAY: 7e5a3ff17cb81c73-FRA

GET
H/1.1 409
Conflict getLoginInfo
api.velocity.nelnet.io/v4/iam/ 287 B
1 KB 301ms
301ms XHR
application/json 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v4/iam/getLoginInfo?loginChallenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&realm=default&tenant=nelnetbank

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFjY2Vzczpwcm9kOjIwMjMwNDA1In0.eyJqdGkiOiI1MWZiYjQ0Yi04MGMwLTRiMzctODY4My1kNTNhYWQ2ZGJmYzIiLCJpbm5lciI6Im85N2FpREJiLWtPQnpmcDFrcFl1bS1UbW16OVV6Vkc0U2FzSm1fdlRVOGsucUVWMVF3NmtQMHNTcF9ZaHU4QTVGelZoS0xQcHZtTjMzWlotT2xCQXVGayIsImdyYW50IjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo0NDQ0IiwicmVhbG0iOiJkZWZhdWx0IiwicGVybWlzc2lvbnMiOlsiKi54cG1NZWRpYS5kb3dubG9hZCIseyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEFwcGxpY2F0aW9uQnlEb21haW4iLCJiZWZvcmUiOiJvbmx5QWxsb3dlZERvbWFpbnMifSx7ImFjdGlvbiI6InY2LnhwbU1hbmFnZXIuZ2V0U2NyZWVuIiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEZyYWdtZW50IiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZ2V0IiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjUuZW50aXR5LmZpbmRPbmUiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZmluZCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cGRhdGUiLCJiZWZvcmUiOiJvbmx5Q3VzdG9tZXJFbnRpdHkifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cHNlcnQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuYWRkIiwiYmVmb3JlIjoib25seUN1c3RvbWVyRW50aXR5In0seyJhY3Rpb24iOiJ2NC5xdWVyeS5maW5kIiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5pbnNwZWN0IiwiYmVmb3JlIjoib25seVB1YmxpY0Zsb3dzIn0seyJhY3Rpb24iOiJ2Mi5jb25maWd1cmF0aW9uLmdldCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY0LmlhbS5jcmVhdGVVc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uZ2V0VXNlciIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuaWFtLmdldFVzZXJCeUlkIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0udXNlcmluZm8iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmlhbS5hc3NpZ25Sb2xlVG9Vc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uY3JlYXRlUGFzc3dvcmRSZXNldFRva2VuIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0ucmVzZXRQYXNzd29yZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuZG9jdW1lbnRTaWduZXIuY3JlYXRlQ29uc2VudFJlcXVlc3QiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmRvY3VtZW50U2lnbmVyLmFja25vd2xlZGdlIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2My50ZW1wbGF0ZUVuZ2luZS5yZW5kZXIiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmRvY3VtZW50TWFuYWdlci51cGxvYWQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2Mi5lbWFpbERlbGl2ZXJ5LnNlbmQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsUHJvdmlkZXJTZXMuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRW1haWxEZWxpdmVyeSJ9LHsiYWN0aW9uIjoidjMudGFzay5hZGQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLnRhc2suYnVsa1Rhc2tPcGVyYXRpb24iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsRGVsaXZlcnkuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5zdGFydCIsImJlZm9yZSI6WyJvbmx5UHVibGljRmxvd3MiLCJvbmx5RnJvbVNlcnZpY2VzIl19LHsiYWN0aW9uIjoidjAuZmxvdy5yZXN1bWUiLCJiZWZvcmUiOlsib25seVB1YmxpY0Zsb3dzIiwib25seUZyb21TZXJ2aWNlcyJdfV0sInJvbGVzIjpbImFub255bW91cy11c2VyIl0sInNhdWQiOiJuZWxuZXQiLCJzcmVhbG0iOiJkZWZhdWx0IiwiaWF0IjoxNjg5MTc1MDA5LCJleHAiOjE2ODkyNjE0MDksImF1ZCI6Im5lbG5ldGJhbmsiLCJzdWIiOiJ4cG0tY2hhbm5lbC13ZWIifQ.MGPUTXlNMVTuFXbZKG_kklLUwsA2jMBmu_uc1yLhzTc9eCR5rXAIAtZkHrZoVbXVOgnl3t9PnYxeYRa45DIMCykDIEnlOdvvqU5f3u_3E5mfYymATWoLThSfLrcgelIgb8xz6u70HmAVui9AO8zPajuTz4W6u_kaIvXsW7c0yxFeuGLkGSrWLzHGoQkG11gqNEE6VKG5IFeKITRQX5xjbvtOJJTRZldqduZDRYjG-DMCdX9xPNOjWZMJfkU6b3a4C0wsEvo-9p3Q4XzuYYsCCNyQBAvdGJ7VY4OcNDA-fLqqdLJNWTVvXFuYbUtEA8ldGOvfz_2eEdjxgKGU3CUmQw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:52 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
x-permitted-cross-domain-policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Request-ID: 50ffdb46-5bc8-45ed-95d0-7ec04568680f
Server: cloudflare
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
cache-control: no-store
x-frame-options: deny
x-robots-tag: none, noimageindex
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
CF-RAY: 7e5a3ff15d9c6945-FRA

GET
H3 200 css
fonts.googleapis.com/ 865 B
422 B 51ms
50ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Red+Hat%20Display:400,400,400&display=swap

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8bea9537bdce4412b95f6fd0028498d2de43cfed81751832db69213910d71af7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Jul 2023 15:16:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 15:16:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Jul 2023 15:16:51 GMT

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ 247 KB
68 KB 140ms
43ms Script
application/javascript 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 005b5900b7c883605a51064c4d229f497c8ba63718c411f74a071316b33d2e1f

Request headers

Referer: https://auth.nelnetbank.velocity.nelnet.io/
Origin: https://auth.nelnetbank.velocity.nelnet.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 14:54:48 GMT
content-encoding: br
age: 1323
x-guploader-uploadid: ADPycdukCvOAAS1Miz97J6DzGZAZH69dNoFoAqzIyN5fJ9EUeCYLhUr1xNxaGSEHkKavrZ9dGzoEqSer7MoJ40Qe6KlKeB18fUmX
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68503
last-modified: Wed, 28 Jun 2023 13:26:56 GMT
server: UploadServer
etag: "c431892ce89bbd56f16f65946a7f758f"
vary: Accept-Encoding
x-goog-generation: 1687958816246082
x-goog-hash: crc32c=2Iq53w==, md5=xDGJLOibvVbxb2WUan91jw==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 68503
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 12 Jul 2023 15:54:48 GMT

GET
H2 200 pendo.js Show response
cdn.pendo.io/agent/static/4c13730d-d0b7-4d47-614f-067ea29702ac/ 425 KB
141 KB 388ms
272ms Script
application/javascript 2600:9000:223f:3c00:1f:aa31:7740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pendo.io/agent/static/4c13730d-d0b7-4d47-614f-067ea29702ac/pendo.js
Requested by: Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:3c00:1f:aa31:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2a5b45dd195ce7679093333ebd2e6dce2caf1914071786967cf7702a5269709a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 15:16:51 GMT
content-encoding: gzip
via: 1.1 1fd323b9134f7d940dac0d007036a604.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-guploader-uploadid: ADPycduKpOucKlkvrp09_WEZG-7Ww8SE3LwkesdF9HhQY7ySlxh52vTWwAjN0zUM49CicnWJmuZ2NaO5NbYST1Nltc3CBE10EFDy
x-cache: Miss from cloudfront
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 143607
last-modified: Thu, 06 Jul 2023 18:09:58 GMT
server: UploadServer
etag: "9055b04a8c50e34002e88ade65fbc757"
vary: Accept-Encoding
x-goog-generation: 1688666998367140
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=CdeBGA==, md5=kFWwSoxQ40AC6IreZfvHVw==
access-control-expose-headers: *
cache-control: max-age=450
x-goog-stored-content-length: 143607
accept-ranges: bytes
x-amz-cf-id: 9ycKov_C_IlxGIZS2QI-eoE4tAzfY9VrBVT9z0_noFN4z42eNCvDUg==
expires: Wed, 12 Jul 2023 15:24:21 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 203 KB
70 KB 149ms
62ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WS9ZX6K

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2582952784e1c10898ae8ed46b3a41e5e63eaaa3454df80d000fad2e142b1ee7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 15:16:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70994
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 12 Jul 2023 15:16:51 GMT

GET
H2 200 web Show response
edge.fullstory.com/s/settings/BB4ET/v1/ 5 KB
2 KB 359ms
359ms XHR
application/json 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/settings/BB4ET/v1/web
Requested by: Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 145d08f31dcd15d73039e287e41179a4f2a6b69baf49342281cd3e93f6ad8a15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 15:16:51 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduHz2OkQJrWLotj3ROJ4IBc6pIU0fyq9w4SGVcfIRPgr7kkaxrTk62c7i8X7yDVGtjhhAJstg-lyVf703MJqg6D4Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1389
last-modified: Wed, 12 Jul 2023 15:10:39 GMT
server: UploadServer
etag: "10b655e0fa25c1d5ef1a768f75b264b4"
x-goog-generation: 1689174639859143
content-type: application/json
access-control-allow-origin: *
x-goog-hash: crc32c=Fhap9A==, md5=ELZV4PolwdXvGnaPdbJktA==
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=900,no-transform
x-goog-stored-content-length: 1389
accept-ranges: bytes
expires: Wed, 12 Jul 2023 15:31:51 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 136ms
39ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WS9ZX6K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 12 Jul 2023 15:04:37 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 734
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 12 Jul 2023 17:04:37 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 261 KB
87 KB 59ms
59ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-E85CJLWCP7&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WS9ZX6K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1cda1efc54f1d77de6ade75988bb64ba4a6ad4f60d54e82f21acf0100ff3f345

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 15:16:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89374
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 12 Jul 2023 15:16:51 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
267 B 139ms
48ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-E85CJLWCP7&gtm=45je37a0&_p=631438803&cid=1386801288.1689175012&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1689175011&sct=1&seg=0&dl=https%3A%2F%2Fauth.nelnetbank.velocity.nelnet.io%2Fsign-in%3Flogin_challenge%3D9bb6cbd10e45416aa3a6f1f1580ce8ca%26tenant%3Dnelnetbank&dt=Sign%20In&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E85CJLWCP7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 15:16:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://auth.nelnetbank.velocity.nelnet.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 131ms
49ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-E85CJLWCP7&gtm=45je37a0&_p=631438803&cid=1386801288.1689175012&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=2&sid=1689175011&sct=1&seg=0&dl=https%3A%2F%2Fauth.nelnetbank.velocity.nelnet.io%2Fsign-in%3Flogin_challenge%3D9bb6cbd10e45416aa3a6f1f1580ce8ca%26tenant%3Dnelnetbank&dt=Sign%20In&en=sign_in&_et=3
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E85CJLWCP7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 15:16:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://auth.nelnetbank.velocity.nelnet.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
160 B 47ms
47ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=631438803&t=pageview&_s=1&dl=https%3A%2F%2Fauth.nelnetbank.velocity.nelnet.io%2Fsign-in%3Flogin_challenge%3D9bb6cbd10e45416aa3a6f1f1580ce8ca%26tenant%3Dnelnetbank&ul=en-us&de=UTF-8&dt=Sign%20In&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=1951506589&gjid=915134682&cid=1386801288.1689175012&tid=UA-180194408-1&_gid=563695350.1689175012&_r=1&_slc=1&gtm=45He37a0n81WS9ZX6K&z=1625418803

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 15:16:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://auth.nelnetbank.velocity.nelnet.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 40ms
39ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=631438803&t=event&ni=0&_s=1&dl=https%3A%2F%2Fauth.nelnetbank.velocity.nelnet.io%2Fsign-in%3Flogin_challenge%3D9bb6cbd10e45416aa3a6f1f1580ce8ca%26tenant%3Dnelnetbank&ul=en-us&de=UTF-8&dt=Sign%20In&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=velocity%20funnel&ea=view&el=sign%20in&_u=YCDACEABBAAAACAAI~&jid=&gjid=&cid=1386801288.1689175012&tid=UA-180194408-1&_gid=563695350.1689175012&gtm=45He37a0n81WS9ZX6K&z=135602782

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Jul 2023 08:28:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 24501
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
359 B 153ms
48ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-180194408-1&cid=1386801288.1689175012&jid=1951506589&gjid=915134682&_gid=563695350.1689175012&_u=YCDACEAABAAAACAAI~&z=432972982

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 12 Jul 2023 15:16:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://auth.nelnetbank.velocity.nelnet.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK chat
chat.nelnetbank.velocity.nelnet.io/ Frame 0834 2 KB
1 KB 1080ms
852ms Document
text/html 2606:4700::6812:bcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://chat.nelnetbank.velocity.nelnet.io/chat

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&tenant=nelnetbank

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' blob: localhost https://uwfchat.nelnet.net:446; object-src 'self' blob:;
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://auth.nelnetbank.velocity.nelnet.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3ff139d53639-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: frame-src 'self' blob: localhost https://uwfchat.nelnet.net:446; object-src 'self' blob:;
Content-Type: text/html; charset=utf-8
Date: Wed, 12 Jul 2023 15:16:52 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Request-ID: 1dd407e4-0a38-4dce-b9ce-48b8929ad82b
X-XSS-Protection: 1; mode=block

POST
H2 202 rum
rum.browser-intake-datadoghq.com/api/v2/ 0
0 550ms
280ms Ping
application/json 2600:1f18:24e6:b902:a1bc:5be6:b86c:6c2a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.11.2%2Cenv%3Aproduction%2Cservice%3Aauth.nelnetbank.velocity.nelnet.io%2Cversion%3A2.11.1&dd-api-key=pub30e3d3898f35d177802c0ed44a761bae&dd-evp-origin-version=4.11.2&dd-evp-origin=browser&dd-request-id=bb159447-c984-4f0f-a24c-e03b0772e5b1&batch_time=1689175011793
Requested by: Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:a1bc:5be6:b86c:6c2a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 page Show response
rs.fullstory.com/rec/ 6 KB
2 KB 336ms
162ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/page
Requested by: Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 930f7f17692532a702caa871815258bb396bfd4c1ed90b1186607cd75abe4414

Request headers

Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 12 Jul 2023 15:16:52 GMT
content-encoding: gzip
via: 1.1 google
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.nelnetbank.velocity.nelnet.io
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1588

GET
H2 200 4c13730d-d0b7-4d47-614f-067ea29702ac
data.pendo.io/data/ptm.gif/ 42 B
114 B 361ms
239ms Image
image/gif 34.149.155.70
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://data.pendo.io/data/ptm.gif/4c13730d-d0b7-4d47-614f-067ea29702ac?v=2.192.1_prod&ct=1689175011911&jzb=eJzlUkuP0zAQ_i8-cCqJndej0gohoGLRqqzY9rAgZE2SaWpw7ChxS8uq_30ntMruqcChp62UqBn7m5nv8e2BuX2LbMpUhcap1Z5NWNHZXz120qmGTkSS5SKNuRA5Dydsq3rlbCdVRSB5-2H-_rNcyPmPT9F9M0tn-IUaQFnajXHHO7u2kRLall4bt_YMaoOuAPPT26K2pXL7U81TlrCbThNo7VzbT33_7xC_V7V5rcwbbWtlZLkGrdHUeJUXRVIWleAYxZFIAEJIVmIl4oyXmJXwyqEB466eutP0trNtz6YPzOpK_gvV4d5zumaj9aVFOtCe0JFdCyiux5nu-MEMfxct6-s1ZnOebusFjVp10OCfw5s7nH3c3f--vVmGO82_Dm7vHRLlWISHyZiGBh2cTUL0YpJwojn8PcdUg6k3UA_ioZHLu8GlE_sR-p8CHNc6mvq02uj-27E7lSpww2gR-Dz1Ax6EhN9i1ytrqBx4IqdHEqnqQvFJgmfx0Raqs_GJX0x8BilOAgQJDz2e0y-L0kgE4iJOhJk4fH8E3iz2TQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.155.70 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

70.155.149.34.bc.googleusercontent.com

Software

istio-envoy /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 15:16:52 GMT
via: 1.1 google
x-content-type-options: nosniff
server: istio-envoy
access-control-max-age: 600
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: false
x-envoy-upstream-service-time: 87
access-control-allow-headers: *
content-length: 42
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 4c13730d-d0b7-4d47-614f-067ea29702ac Show response
data.pendo.io/data/guide.js/ 446 B
406 B 277ms
157ms Script
application/javascript 34.149.155.70
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://data.pendo.io/data/guide.js/4c13730d-d0b7-4d47-614f-067ea29702ac?id=4&jzb=eJyVkE9Lw0AQxb_LHjxpkk3TtA0UEbSghyr-OXhaJptpsrqZXZJJUaTfvdsq0ZPiYUN4zO_Ne_MhtqY37LrrShRC3V2tL2_Vo1q_3GTP7Wq2wntxKkBrNxAfR958qxR4Hz4DNxGhJeQS6DXaonXa8PuXFhkX0KGzAWqYfV_E8d9I3JuazgydW1cbUroBa5FqXC7KMtdlJRPMppnMASaQb-RGTueJxrmGE0YC4uW3e9jeIkMFDKIYex5-zS9dLVA9QI1hAkk9PYjd2H9E_3mDz2TH6_1IF3w9dEh8MboHKaQ9rJZpnMziNEkngd9i1xtHQU4juQhP-c5VYrfbA-74mAA&v=2.192.1_prod&ct=1689175011913

Requested by

Host: cdn.pendo.io
URL: https://cdn.pendo.io/agent/static/4c13730d-d0b7-4d47-614f-067ea29702ac/pendo.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.155.70 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

70.155.149.34.bc.googleusercontent.com

Software

istio-envoy /

Resource Hash

48b679bb27c0085286fe8d6354e7dd6be02ef3631d7cc03b3c12465441211c97

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 15:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 google
server: istio-envoy
access-control-max-age: 600
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: false
x-envoy-upstream-service-time: 4
access-control-allow-headers: *
content-length: 320
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 4c13730d-d0b7-4d47-614f-067ea29702ac
data.pendo.io/data/guide.gif/ 42 B
350 B 276ms
157ms Image
image/gif 34.149.155.70
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://data.pendo.io/data/guide.gif/4c13730d-d0b7-4d47-614f-067ea29702ac?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1689175011914&v=2.192.1_prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.155.70 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

70.155.149.34.bc.googleusercontent.com

Software

istio-envoy /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 15:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 google
server: istio-envoy
access-control-max-age: 600
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: false
x-envoy-upstream-service-time: 4
access-control-allow-headers: *
content-length: 57
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 202 rum
rum.browser-intake-datadoghq.com/api/v2/ 0
0 125ms
125ms Ping
application/json 2600:1f18:24e6:b902:a1bc:5be6:b86c:6c2a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.11.2%2Cenv%3Aproduction%2Cservice%3Aauth.nelnetbank.velocity.nelnet.io%2Cversion%3A2.11.1&dd-api-key=pub30e3d3898f35d177802c0ed44a761bae&dd-evp-origin-version=4.11.2&dd-evp-origin=browser&dd-request-id=58374021-9bdd-4d90-aef5-326bbac2d1f6&batch_time=1689175012348
Requested by: Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:a1bc:5be6:b86c:6c2a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1

200
OK

Primary Request sign-in
auth.nelnetbank.velocity.nelnet.io/
Redirect Chain

https://api.velocity.nelnet.io/v4/iam/oauth2/auth?redirect_uri=https%3A%2F%2Fauth.nelnetbank.velocity.nelnet.io%2Fcallback&client_id=nelnetbank-auth-app&response_type=code&state=y5-7DJMZvk7IQQMSWAb...
https://api.velocity.nelnet.io/v4/iam/oauth2/redirect?login_challenge=b2603ba9f40544779e8aaa915a12603b&realm=default&tenant=nelnetbank
https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=b2603ba9f40544779e8aaa915a12603b&tenant=nelnetbank

2 KB
0

335ms
333ms

Document
text/html

2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=b2603ba9f40544779e8aaa915a12603b&tenant=nelnetbank

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/application-2f3a904c5ab2dc45a314.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' blob: localhost https://chat.nelnetbank.velocity.nelnet.io ; object-src 'self' blob:;
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://auth.nelnetbank.velocity.nelnet.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3ffe39a203b0-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: frame-src 'self' blob: localhost https://chat.nelnetbank.velocity.nelnet.io ; object-src 'self' blob:;
Content-Type: text/html; charset=utf-8
Date: Wed, 12 Jul 2023 15:16:54 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Request-ID: f88940eb-7b43-4b7d-a684-0f0fc06c81b4
X-XSS-Protection: 1; mode=block

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3ff9ab0d366b-FRA
Connection: keep-alive
Content-Length: 0
Date: Wed, 12 Jul 2023 15:16:54 GMT
Location: https://auth.nelnetbank.velocity.nelnet.io/sign-in?login_challenge=b2603ba9f40544779e8aaa915a12603b&tenant=nelnetbank
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Request-ID: 8be7824c-7f36-4009-b333-059c3539800f
cache-control: no-store
x-content-type-options: nosniff
x-frame-options: deny
x-permitted-cross-domain-policies: none
x-robots-tag: none, noimageindex

OPTIONS
H/1.1 204
No Content start
api.velocity.nelnet.io/v0/flow/ Frame 0
0 232ms
232ms Preflight 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v0/flow/start

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://auth.nelnetbank.velocity.nelnet.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 3600
CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3ff539891c73-FRA
Connection: keep-alive
Content-Length: 0
Date: Wed, 12 Jul 2023 15:16:52 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Request-ID: 8f31389f-abe2-4ad2-91b9-68a4a573d1a4
access-control-allow-headers: Access-Control-Allow-Headers,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization

OPTIONS
H/1.1 204
No Content start
api.velocity.nelnet.io/v0/flow/ Frame 0
0 218ms
218ms Preflight 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v0/flow/start

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://auth.nelnetbank.velocity.nelnet.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 3600
CF-Cache-Status: DYNAMIC
CF-RAY: 7e5a3ff53a426945-FRA
Connection: keep-alive
Content-Length: 0
Date: Wed, 12 Jul 2023 15:16:52 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Request-ID: 214d6271-5960-4a85-b276-95cd37f00753
access-control-allow-headers: Access-Control-Allow-Headers,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization

GET
H/1.1 200
OK download
api.velocity.nelnet.io/v3/xpmMedia/ 4 KB
2 KB 873ms
789ms Image
image/svg+xml 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.velocity.nelnet.io/v3/xpmMedia/download?tenantId=nelnetbank&filename=logo.svg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:53 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: gzip
x-permitted-cross-domain-policies: none
Server: cloudflare
Transfer-Encoding: chunked
x-frame-options: deny
Content-Type: image/svg+xml
Vary: Accept-Encoding
Connection: keep-alive
x-robots-tag: none, noimageindex
CF-RAY: 7e5a3ff5b81d3618-FRA
X-Request-ID: 8336d6d6-5289-4273-ac32-70935dcf8f4e

POST
H/1.1 200
OK start
api.velocity.nelnet.io/v0/flow/ 170 B
1 KB 352ms
352ms XHR
application/json 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v0/flow/start

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFjY2Vzczpwcm9kOjIwMjMwNDA1In0.eyJqdGkiOiI1MWZiYjQ0Yi04MGMwLTRiMzctODY4My1kNTNhYWQ2ZGJmYzIiLCJpbm5lciI6Im85N2FpREJiLWtPQnpmcDFrcFl1bS1UbW16OVV6Vkc0U2FzSm1fdlRVOGsucUVWMVF3NmtQMHNTcF9ZaHU4QTVGelZoS0xQcHZtTjMzWlotT2xCQXVGayIsImdyYW50IjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo0NDQ0IiwicmVhbG0iOiJkZWZhdWx0IiwicGVybWlzc2lvbnMiOlsiKi54cG1NZWRpYS5kb3dubG9hZCIseyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEFwcGxpY2F0aW9uQnlEb21haW4iLCJiZWZvcmUiOiJvbmx5QWxsb3dlZERvbWFpbnMifSx7ImFjdGlvbiI6InY2LnhwbU1hbmFnZXIuZ2V0U2NyZWVuIiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEZyYWdtZW50IiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZ2V0IiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjUuZW50aXR5LmZpbmRPbmUiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZmluZCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cGRhdGUiLCJiZWZvcmUiOiJvbmx5Q3VzdG9tZXJFbnRpdHkifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cHNlcnQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuYWRkIiwiYmVmb3JlIjoib25seUN1c3RvbWVyRW50aXR5In0seyJhY3Rpb24iOiJ2NC5xdWVyeS5maW5kIiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5pbnNwZWN0IiwiYmVmb3JlIjoib25seVB1YmxpY0Zsb3dzIn0seyJhY3Rpb24iOiJ2Mi5jb25maWd1cmF0aW9uLmdldCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY0LmlhbS5jcmVhdGVVc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uZ2V0VXNlciIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuaWFtLmdldFVzZXJCeUlkIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0udXNlcmluZm8iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmlhbS5hc3NpZ25Sb2xlVG9Vc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uY3JlYXRlUGFzc3dvcmRSZXNldFRva2VuIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0ucmVzZXRQYXNzd29yZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuZG9jdW1lbnRTaWduZXIuY3JlYXRlQ29uc2VudFJlcXVlc3QiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmRvY3VtZW50U2lnbmVyLmFja25vd2xlZGdlIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2My50ZW1wbGF0ZUVuZ2luZS5yZW5kZXIiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmRvY3VtZW50TWFuYWdlci51cGxvYWQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2Mi5lbWFpbERlbGl2ZXJ5LnNlbmQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsUHJvdmlkZXJTZXMuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRW1haWxEZWxpdmVyeSJ9LHsiYWN0aW9uIjoidjMudGFzay5hZGQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLnRhc2suYnVsa1Rhc2tPcGVyYXRpb24iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsRGVsaXZlcnkuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5zdGFydCIsImJlZm9yZSI6WyJvbmx5UHVibGljRmxvd3MiLCJvbmx5RnJvbVNlcnZpY2VzIl19LHsiYWN0aW9uIjoidjAuZmxvdy5yZXN1bWUiLCJiZWZvcmUiOlsib25seVB1YmxpY0Zsb3dzIiwib25seUZyb21TZXJ2aWNlcyJdfV0sInJvbGVzIjpbImFub255bW91cy11c2VyIl0sInNhdWQiOiJuZWxuZXQiLCJzcmVhbG0iOiJkZWZhdWx0IiwiaWF0IjoxNjg5MTc1MDA5LCJleHAiOjE2ODkyNjE0MDksImF1ZCI6Im5lbG5ldGJhbmsiLCJzdWIiOiJ4cG0tY2hhbm5lbC13ZWIifQ.MGPUTXlNMVTuFXbZKG_kklLUwsA2jMBmu_uc1yLhzTc9eCR5rXAIAtZkHrZoVbXVOgnl3t9PnYxeYRa45DIMCykDIEnlOdvvqU5f3u_3E5mfYymATWoLThSfLrcgelIgb8xz6u70HmAVui9AO8zPajuTz4W6u_kaIvXsW7c0yxFeuGLkGSrWLzHGoQkG11gqNEE6VKG5IFeKITRQX5xjbvtOJJTRZldqduZDRYjG-DMCdX9xPNOjWZMJfkU6b3a4C0wsEvo-9p3Q4XzuYYsCCNyQBAvdGJ7VY4OcNDA-fLqqdLJNWTVvXFuYbUtEA8ldGOvfz_2eEdjxgKGU3CUmQw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 12 Jul 2023 15:16:53 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: gzip
x-permitted-cross-domain-policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Request-ID: 9019fd6a-12e6-4d58-bf82-0d0d9b3abd18
Server: cloudflare
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
cache-control: no-store
x-frame-options: deny
x-robots-tag: none, noimageindex
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
CF-RAY: 7e5a3ff6ac051c73-FRA

POST
H/1.1 200
OK start
api.velocity.nelnet.io/v0/flow/ 300 B
1 KB 356ms
355ms XHR
application/json 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.velocity.nelnet.io/v0/flow/start

Requested by

Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Request headers

Accept: application/json, text/plain, */*
Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImFjY2Vzczpwcm9kOjIwMjMwNDA1In0.eyJqdGkiOiI1MWZiYjQ0Yi04MGMwLTRiMzctODY4My1kNTNhYWQ2ZGJmYzIiLCJpbm5lciI6Im85N2FpREJiLWtPQnpmcDFrcFl1bS1UbW16OVV6Vkc0U2FzSm1fdlRVOGsucUVWMVF3NmtQMHNTcF9ZaHU4QTVGelZoS0xQcHZtTjMzWlotT2xCQXVGayIsImdyYW50IjoiY2xpZW50X2NyZWRlbnRpYWxzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo0NDQ0IiwicmVhbG0iOiJkZWZhdWx0IiwicGVybWlzc2lvbnMiOlsiKi54cG1NZWRpYS5kb3dubG9hZCIseyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEFwcGxpY2F0aW9uQnlEb21haW4iLCJiZWZvcmUiOiJvbmx5QWxsb3dlZERvbWFpbnMifSx7ImFjdGlvbiI6InY2LnhwbU1hbmFnZXIuZ2V0U2NyZWVuIiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2Ni54cG1NYW5hZ2VyLmdldEZyYWdtZW50IiwiYmVmb3JlIjoib25seUFsbG93ZWREb21haW5zIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZ2V0IiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjUuZW50aXR5LmZpbmRPbmUiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuZmluZCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cGRhdGUiLCJiZWZvcmUiOiJvbmx5Q3VzdG9tZXJFbnRpdHkifSx7ImFjdGlvbiI6InY1LmVudGl0eS51cHNlcnQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2NS5lbnRpdHkuYWRkIiwiYmVmb3JlIjoib25seUN1c3RvbWVyRW50aXR5In0seyJhY3Rpb24iOiJ2NC5xdWVyeS5maW5kIiwiYmVmb3JlIjoib25seUZyb21TZXJ2aWNlcyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5pbnNwZWN0IiwiYmVmb3JlIjoib25seVB1YmxpY0Zsb3dzIn0seyJhY3Rpb24iOiJ2Mi5jb25maWd1cmF0aW9uLmdldCIsImJlZm9yZSI6Im9ubHlGcm9tU2VydmljZXMifSx7ImFjdGlvbiI6InY0LmlhbS5jcmVhdGVVc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uZ2V0VXNlciIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuaWFtLmdldFVzZXJCeUlkIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0udXNlcmluZm8iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmlhbS5hc3NpZ25Sb2xlVG9Vc2VyIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0uY3JlYXRlUGFzc3dvcmRSZXNldFRva2VuIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2NC5pYW0ucmVzZXRQYXNzd29yZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjQuZG9jdW1lbnRTaWduZXIuY3JlYXRlQ29uc2VudFJlcXVlc3QiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InY0LmRvY3VtZW50U2lnbmVyLmFja25vd2xlZGdlIiwiYmVmb3JlIjoib25seUZyb21GbG93In0seyJhY3Rpb24iOiJ2My50ZW1wbGF0ZUVuZ2luZS5yZW5kZXIiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmRvY3VtZW50TWFuYWdlci51cGxvYWQiLCJiZWZvcmUiOiJvbmx5RnJvbVNlcnZpY2VzIn0seyJhY3Rpb24iOiJ2Mi5lbWFpbERlbGl2ZXJ5LnNlbmQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsUHJvdmlkZXJTZXMuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRW1haWxEZWxpdmVyeSJ9LHsiYWN0aW9uIjoidjMudGFzay5hZGQiLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLnRhc2suYnVsa1Rhc2tPcGVyYXRpb24iLCJiZWZvcmUiOiJvbmx5RnJvbUZsb3cifSx7ImFjdGlvbiI6InYzLmVtYWlsRGVsaXZlcnkuc2VuZCIsImJlZm9yZSI6Im9ubHlGcm9tRmxvdyJ9LHsiYWN0aW9uIjoidjAuZmxvdy5zdGFydCIsImJlZm9yZSI6WyJvbmx5UHVibGljRmxvd3MiLCJvbmx5RnJvbVNlcnZpY2VzIl19LHsiYWN0aW9uIjoidjAuZmxvdy5yZXN1bWUiLCJiZWZvcmUiOlsib25seVB1YmxpY0Zsb3dzIiwib25seUZyb21TZXJ2aWNlcyJdfV0sInJvbGVzIjpbImFub255bW91cy11c2VyIl0sInNhdWQiOiJuZWxuZXQiLCJzcmVhbG0iOiJkZWZhdWx0IiwiaWF0IjoxNjg5MTc1MDA5LCJleHAiOjE2ODkyNjE0MDksImF1ZCI6Im5lbG5ldGJhbmsiLCJzdWIiOiJ4cG0tY2hhbm5lbC13ZWIifQ.MGPUTXlNMVTuFXbZKG_kklLUwsA2jMBmu_uc1yLhzTc9eCR5rXAIAtZkHrZoVbXVOgnl3t9PnYxeYRa45DIMCykDIEnlOdvvqU5f3u_3E5mfYymATWoLThSfLrcgelIgb8xz6u70HmAVui9AO8zPajuTz4W6u_kaIvXsW7c0yxFeuGLkGSrWLzHGoQkG11gqNEE6VKG5IFeKITRQX5xjbvtOJJTRZldqduZDRYjG-DMCdX9xPNOjWZMJfkU6b3a4C0wsEvo-9p3Q4XzuYYsCCNyQBAvdGJ7VY4OcNDA-fLqqdLJNWTVvXFuYbUtEA8ldGOvfz_2eEdjxgKGU3CUmQw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

Date: Wed, 12 Jul 2023 15:16:53 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: gzip
x-permitted-cross-domain-policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Request-ID: 0e60cbf9-b647-40e8-9abe-0b7cc9840af1
Server: cloudflare
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: GET, OPTIONS, POST, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
cache-control: no-store
x-frame-options: deny
x-robots-tag: none, noimageindex
Access-Control-Allow-Headers: Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
CF-RAY: 7e5a3ff69c1b6945-FRA

GET
H2 200 8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbmyWQk8z-A.woff2
fonts.gstatic.com/s/redhatdisplay/v14/ 12 KB
13 KB 128ms
40ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/redhatdisplay/v14/8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbmyWQk8z-A.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Red+Hat%20Display:400,400,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://auth.nelnetbank.velocity.nelnet.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 20:52:30 GMT
x-content-type-options: nosniff
age: 411862
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12320
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 17:54:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jul 2024 20:52:30 GMT

GET
H3 200 icon
fonts.googleapis.com/ Frame 0834 569 B
366 B 51ms
49ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: chat.nelnetbank.velocity.nelnet.io
URL: https://chat.nelnetbank.velocity.nelnet.io/chat

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chat.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Jul 2023 15:16:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 15:16:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Jul 2023 15:16:52 GMT

GET
H/1.1 200
OK vendors-2f3a904c5ab2dc45a314.js
chat.nelnetbank.velocity.nelnet.io/_static/ Frame 0834 2 MB
591 KB 663ms
662ms Script
application/javascript 2606:4700::6812:bcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://chat.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Requested by

Host: chat.nelnetbank.velocity.nelnet.io
URL: https://chat.nelnetbank.velocity.nelnet.io/chat

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chat.nelnetbank.velocity.nelnet.io/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:53 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Thu, 01 Jun 2023 17:32:47 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
ETag: W/"208e51-1887804e618"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=30
Connection: keep-alive
CF-RAY: 7e5a3ff6a94b3639-FRA
X-Request-ID: 2d83be65-34e0-4bc2-a975-1910c75285f7
Expires: Wed, 12 Jul 2023 15:17:23 GMT

GET
H/1.1 200
OK application-2f3a904c5ab2dc45a314.js
chat.nelnetbank.velocity.nelnet.io/_static/ Frame 0834 162 KB
44 KB 800ms
716ms Script
application/javascript 2606:4700::6812:bcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://chat.nelnetbank.velocity.nelnet.io/_static/application-2f3a904c5ab2dc45a314.js

Requested by

Host: chat.nelnetbank.velocity.nelnet.io
URL: https://chat.nelnetbank.velocity.nelnet.io/chat

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://chat.nelnetbank.velocity.nelnet.io/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:53 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Thu, 01 Jun 2023 17:32:47 GMT
Server: cloudflare
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
ETag: W/"287f2-1887804e618"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=30
Connection: keep-alive
CF-RAY: 7e5a3ff72b42917a-FRA
X-Request-ID: 2438860b-c5b6-4852-8b98-6a57e0e04f73
Expires: Wed, 12 Jul 2023 15:17:23 GMT

POST
H2 200 v2
rs.fullstory.com/rec/bundle/ 29 B
91 B 239ms
236ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle/v2?OrgId=BB4ET&UserId=d58dc1e5-3a92-4c33-ad0d-3b40e7848932&SessionId=81476c71-3476-4771-a475-24ceaf726e61&PageId=6b87cec9-e62c-4d90-9f98-9ce4b7f9445d&Seq=1&PageStart=1689175012183&PrevBundleTime=0&LastActivity=867&IsNewSession=true
Requested by: Host: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Referer: https://auth.nelnetbank.velocity.nelnet.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://auth.nelnetbank.velocity.nelnet.io
date: Wed, 12 Jul 2023 15:16:53 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
content-type: application/json; charset=utf-8

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/ 125 KB
126 KB 41ms
40ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://auth.nelnetbank.velocity.nelnet.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 12 Jul 2023 05:24:38 GMT
x-content-type-options: nosniff
age: 35535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128352
x-xss-protection: 0
last-modified: Tue, 07 Mar 2023 19:51:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Jul 2024 05:24:38 GMT

GET
H/1.1 200
OK download
api.velocity.nelnet.io/v3/xpmMedia/ 12 KB
13 KB 815ms
779ms Image
image/png 2606:4700::6812:acc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.velocity.nelnet.io/v3/xpmMedia/download?tenantId=nelnetbank&filename=logo-white.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.nelnetbank.velocity.nelnet.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 12 Jul 2023 15:16:54 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
x-permitted-cross-domain-policies: none
Server: cloudflare
Transfer-Encoding: chunked
x-frame-options: deny
Content-Type: image/png
Vary: Accept-Encoding
Connection: keep-alive
x-robots-tag: none, noimageindex
CF-RAY: 7e5a3ff958d5bbcd-FRA
X-Request-ID: e0dbd510-57a9-4c38-881f-28ecb4c3780e

POST requestClientToken
chat.nelnetbank.velocity.nelnet.io/ Frame 0834 0
0

GET css
fonts.googleapis.com/ Frame 0834 0
0

POST v2
rs.fullstory.com/rec/bundle/ 0
0

POST collect
region1.google-analytics.com/g/ 0
0

POST rum
rum.browser-intake-datadoghq.com/api/v2/ 0
0

POST rum
rum.browser-intake-datadoghq.com/api/v2/ Frame 0834 0
0

GET icon
fonts.googleapis.com/ 0
0

GET vendors-2f3a904c5ab2dc45a314.js
auth.nelnetbank.velocity.nelnet.io/_static/ 0
0

GET application-2f3a904c5ab2dc45a314.js
auth.nelnetbank.velocity.nelnet.io/_static/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: chat.nelnetbank.velocity.nelnet.io
URL: https://chat.nelnetbank.velocity.nelnet.io/requestClientToken

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600&display=swap

Domain: rs.fullstory.com
URL: https://rs.fullstory.com/rec/bundle/v2?OrgId=BB4ET&UserId=d58dc1e5-3a92-4c33-ad0d-3b40e7848932&SessionId=81476c71-3476-4771-a475-24ceaf726e61&PageId=6b87cec9-e62c-4d90-9f98-9ce4b7f9445d&Seq=2&PageStart=1689175012183&PrevBundleTime=1689175013287&IsNewSession=true&SkipResponseBody=true

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-E85CJLWCP7&gtm=45je37a0&_p=631438803&cid=1386801288.1689175012&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&ngs=1&_s=3&sid=1689175011&sct=1&seg=0&dl=https%3A%2F%2Fauth.nelnetbank.velocity.nelnet.io%2Fsign-in%3Flogin_challenge%3D9bb6cbd10e45416aa3a6f1f1580ce8ca%26tenant%3Dnelnetbank&dt=Sign%20In&en=scroll&epn.percent_scrolled=90&_et=5

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-E85CJLWCP7&gtm=45je37a0&_p=631438803&cid=1386801288.1689175012&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=4&sid=1689175011&sct=1&seg=0&dl=https%3A%2F%2Fauth.nelnetbank.velocity.nelnet.io%2Fsign-in%3Flogin_challenge%3D9bb6cbd10e45416aa3a6f1f1580ce8ca%26tenant%3Dnelnetbank&dt=Sign%20In&en=user_engagement&_et=2796

Domain: rum.browser-intake-datadoghq.com
URL: https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.11.2%2Cenv%3Aproduction%2Cservice%3Aauth.nelnetbank.velocity.nelnet.io%2Cversion%3A2.11.1&dd-api-key=pub30e3d3898f35d177802c0ed44a761bae&dd-evp-origin-version=4.11.2&dd-evp-origin=browser&dd-request-id=dd3f86c6-dcae-4381-9358-ff560b342022&batch_time=1689175014445

Domain: rum.browser-intake-datadoghq.com
URL: https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.11.2%2Cenv%3Aproduction%2Cservice%3Achat.nelnetbank.velocity.nelnet.io%2Cversion%3A2.11.1&dd-api-key=pub30e3d3898f35d177802c0ed44a761bae&dd-evp-origin-version=4.11.2&dd-evp-origin=browser&dd-request-id=c7f16d31-ad39-44a6-a2e2-02b266fd7771&batch_time=1689175014446

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons

Domain: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/vendors-2f3a904c5ab2dc45a314.js

Domain: auth.nelnetbank.velocity.nelnet.io
URL: https://auth.nelnetbank.velocity.nelnet.io/_static/application-2f3a904c5ab2dc45a314.js

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.velocity.nelnet.io/	1970-01-20 13:12:56	Name: __cf_bm Value: K86p5dDK1UPHSy8u3SdT7azKko5WvtTXZKG8TpspHwc-1689175009-0-AdoPRpa5IMuyICLMjnXNL4Ee5dUXJ3a8V/k4XHcybUpcGlAitjvABm2eNMXimcYcnOZu5ismp27CfMbqiyLVhBMizPcZuMo4V4foV4rqSKta
.nelnet.io/	1970-01-20 15:22:31	Name: _gcl_au Value: 1.1.1453562051.1689175011
.nelnet.io/	1970-01-20 22:48:55	Name: _ga_E85CJLWCP7 Value: GS1.1.1689175011.1.0.1689175011.0.0.0
.nelnet.io/	1970-01-20 22:48:55	Name: _ga Value: GA1.2.1386801288.1689175012
.nelnet.io/	1970-01-20 13:14:21	Name: _gid Value: GA1.2.563695350.1689175012
.nelnet.io/	1970-01-20 13:12:55	Name: _gat_UA-180194408-1 Value: 1
.nelnet.io/	1970-01-20 13:12:56	Name: fs_lua Value: 1.1689175012182
.nelnet.io/	1970-01-20 21:58:31	Name: fs_uid Value: #BB4ET#d58dc1e5-3a92-4c33-ad0d-3b40e7848932:81476c71-3476-4771-a475-24ceaf726e61:1689175012182::1#/1720711011
api.velocity.nelnet.io/	1970-01-20 13:56:07	Name: oauth2_authentication_csrf Value: MTY4OTE3NTAxM3xEdi1CQkFFQ180SUFBUkFCRUFBQVB2LUNBQUVHYzNSeWFXNW5EQVlBQkdOemNtWUdjM1J5YVc1bkRDSUFJR0prWVdKaE56UTVOakV5WWpRNVlUSmlZakV4WVRCaVlqazROVEJsTXpCaHwWGMgo6xzr10EpoC9erg86Spl0GehH81dnMpscO4olog==
auth.nelnetbank.velocity.nelnet.io/	1970-01-20 13:12:55	Name: _dd_s Value: logs=1&id=fc5e12b1-b60b-424f-9f94-8917b8996eb0&created=1689175009557&expire=1689175909560&rum=2

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.velocity.nelnet.io/v4/iam/getLoginInfo?loginChallenge=9bb6cbd10e45416aa3a6f1f1580ce8ca&realm=default&tenant=nelnetbank Message: Failed to load resource: the server responded with a status of 409 (Conflict)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-src 'self' blob: localhost https://chat.nelnetbank.velocity.nelnet.io ; object-src 'self' blob:;
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.velocity.nelnet.io
auth.nelnetbank.velocity.nelnet.io
cdn.pendo.io
chat.nelnetbank.velocity.nelnet.io
data.pendo.io
edge.fullstory.com
fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
rs.fullstory.com
rum.browser-intake-datadoghq.com
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
auth.nelnetbank.velocity.nelnet.io
chat.nelnetbank.velocity.nelnet.io
fonts.googleapis.com
region1.google-analytics.com
rs.fullstory.com
rum.browser-intake-datadoghq.com
2001:4860:4802:34::36
2600:1f18:24e6:b902:a1bc:5be6:b86c:6c2a
2600:9000:223f:3c00:1f:aa31:7740:93a1
2606:4700::6812:acc
2606:4700::6812:bcc
2a00:1450:4001:808::2008
2a00:1450:4001:809::2003
2a00:1450:4001:82b::200e
2a00:1450:4001:831::200a
2a00:1450:400c:c07::9c
34.149.155.70
35.186.194.58
35.201.112.186
005b5900b7c883605a51064c4d229f497c8ba63718c411f74a071316b33d2e1f
145d08f31dcd15d73039e287e41179a4f2a6b69baf49342281cd3e93f6ad8a15
1cda1efc54f1d77de6ade75988bb64ba4a6ad4f60d54e82f21acf0100ff3f345
1ce9d7e6fc68a11f26bd655270de9856175e91416ccf74661afba25ef9b4d27b
2582952784e1c10898ae8ed46b3a41e5e63eaaa3454df80d000fad2e142b1ee7
2a5b45dd195ce7679093333ebd2e6dce2caf1914071786967cf7702a5269709a
316b17317b58a63bb00090026803efd8c138bcd21556ce28182cf7c0f1a5c03d
48b679bb27c0085286fe8d6354e7dd6be02ef3631d7cc03b3c12465441211c97
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
80e2dbe2ce5f3cbf121ce2437920c0703c99e15fdbebc2aeb6b87a74b0f1d538
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8bea9537bdce4412b95f6fd0028498d2de43cfed81751832db69213910d71af7
930f7f17692532a702caa871815258bb396bfd4c1ed90b1186607cd75abe4414
a1d3b8f90968f115f6f77168580837d3b73f06ca8cf42a234d3db46598ffa1b1
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
c2cb6839fff67255036283dbc3a865203cf0eec086cb1ddc23b7b7fb9b1d1270
c2ee90c0094e1757b16d20f121e71fe6d541986a0f1aeef0dbf4820e57917933
d3743c6f1dd7dbe1a3677bc1304a36ea74dca1aeb1c5a687cfd4cdf5574e9925
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e896acdeada4b5d61a05ce808ed6b51211515a27bf037a9b7023b1596763d011
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

auth.nelnetbank.velocity.nelnet.io Open in urlscan Pro 2606:4700::6812:acc Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

58 Requests

81 %HTTPS

77 %IPv6

9 Domains

14 Subdomains

14 IPs

3 Countries

1845 kBTransfer

5911 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

auth.nelnetbank.velocity.nelnet.io Open in urlscan Pro
2606:4700::6812:acc Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

81 %
HTTPS

77 %
IPv6

9
Domains

14
Subdomains

14
IPs

3
Countries

1845 kB
Transfer

5911 kB
Size

10
Cookies

58 HTTP transactions
0 data transactions