www.nelnetbank.slr.sparrowtest.com Open in urlscan Pro
18.164.124.62 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.nelnetbank.slr.sparrowtest.com/
Submission: On November 14 via automatic, source certstream-suspicious (November 14th 2024, 8:30:49 am UTC) — Scanned from US

Summary HTTP 62 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 28 IPs in 2 countries across 19 domains to perform 62 HTTP transactions. The main IP is 18.164.124.62, located in United States and belongs to AMAZON-02, US. The main domain is www.nelnetbank.slr.sparrowtest.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 15th 2023. Valid for: a year.

This is the only time www.nelnetbank.slr.sparrowtest.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	18.164.124.62 18.164.124.62	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4004:c17::5f	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c07::61	15169 (GOOGLE) (GOOGLE)
3	35.201.112.186 35.201.112.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE)
1	142.251.40.100 142.251.40.100	15169 (GOOGLE) (GOOGLE)
6	2606:4700::68... 2606:4700::6812:572a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2620:1ec:33:1... 2620:1ec:33:1::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:141b:1c0... 2600:141b:1c00:6::17df:d120	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2607:f8b0:400... 2607:f8b0:4006:821::200e	15169 (GOOGLE) (GOOGLE)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.240.241.1 157.240.241.1	32934 (FACEBOOK) (FACEBOOK)
1	44.209.137.118 44.209.137.118	() ()
1	142.251.16.157 142.251.16.157	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c1f::9b	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c21::9d	() ()
3 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2606:4700:440... 2606:4700:4400::ac40:92d7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	52.89.99.220 52.89.99.220	() ()
2	157.240.241.35 157.240.241.35	32934 (FACEBOOK) (FACEBOOK)
1	35.81.162.201 35.81.162.201	16509 (AMAZON-02) (AMAZON-02)
1	216.69.100.142 216.69.100.142	() ()
1	142.251.35.174 142.251.35.174	15169 (GOOGLE) (GOOGLE)
1	13.249.91.44 13.249.91.44	() ()
2	108.139.47.108 108.139.47.108	() ()
3	54.84.227.99 54.84.227.99	() ()
62	28

10 18.164.124.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-124-62.jfk50.r.cloudfront.net

www.nelnetbank.slr.sparrowtest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c07::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com

edge.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.100 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:572a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:33:1::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:6::17df:d120 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:821::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.241.1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.209.137.118 (Ashburn, United States)

ASN- ()
PTR: ec2-44-209-137-118.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.16.157 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1f::9b (Washington, United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80e::200e (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c21::9d (Washington, United States)

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:92d7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.89.99.220 (Boardman, United States)

ASN- ()
PTR: ec2-52-89-99-220.us-west-2.compute.amazonaws.com

px.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.241.35 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-lga3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.81.162.201 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-162-201.us-west-2.compute.amazonaws.com

gs.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.69.100.142 (United States)

ASN- ()

www.nelnet.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.35.174 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.91.44 (None, )

ASN- ()

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.139.47.108 (None, )

ASN- ()

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.84.227.99 (None, )

ASN- ()

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	sparrowtest.com www.nelnetbank.slr.sparrowtest.com	840 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 404 www.linkedin.com — Cisco Umbrella Rank: 705 px4.ads.linkedin.com — Cisco Umbrella Rank: 6892	4 KB
7	fullstory.com edge.fullstory.com — Cisco Umbrella Rank: 2630 rs.fullstory.com — Cisco Umbrella Rank: 2600	81 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 390	120 KB
4	intercom.io widget.intercom.io api-iam.intercom.io	9 KB
4	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 52 td.doubleclick.net — Cisco Umbrella Rank: 231 stats.g.doubleclick.net — Cisco Umbrella Rank: 171	630 B
4	mountain.com dx.mountain.com — Cisco Umbrella Rank: 5404 px.mountain.com — Cisco Umbrella Rank: 5644 gs.mountain.com — Cisco Umbrella Rank: 11087	8 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 65	22 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 397	15 KB
3	google.com www.google.com — Cisco Umbrella Rank: 4 analytics.google.com — Cisco Umbrella Rank: 170
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 64	360 KB
2	intercomcdn.com js.intercomcdn.com	287 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	217 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 208	75 KB
1	nelnet.net www.nelnet.net — Cisco Umbrella Rank: 354958	1 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 275	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1142	14 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 55	1 KB
0	evgnet.com Failed cdn.evgnet.com Failed
62	19

	Domain	Requested by
10	www.nelnetbank.slr.sparrowtest.com	www.nelnetbank.slr.sparrowtest.com
6	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org www.nelnetbank.slr.sparrowtest.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
4	rs.fullstory.com	edge.fullstory.com
3	api-iam.intercom.io	js.intercomcdn.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.nelnetbank.slr.sparrowtest.com
3	edge.fullstory.com	www.nelnetbank.slr.sparrowtest.com edge.fullstory.com
3	www.googletagmanager.com	www.nelnetbank.slr.sparrowtest.com www.googletagmanager.com www.google-analytics.com
2	js.intercomcdn.com	widget.intercom.io
2	www.facebook.com	www.nelnetbank.slr.sparrowtest.com
2	px.mountain.com	dx.mountain.com px.mountain.com
2	analytics.google.com	www.nelnetbank.slr.sparrowtest.com
2	td.doubleclick.net	www.googletagmanager.com
2	connect.facebook.net	www.nelnetbank.slr.sparrowtest.com connect.facebook.net
1	widget.intercom.io	www.nelnetbank.slr.sparrowtest.com
1	www.nelnet.net	www.nelnetbank.slr.sparrowtest.com
1	gs.mountain.com	px.mountain.com
1	px4.ads.linkedin.com	www.nelnetbank.slr.sparrowtest.com
1	www.linkedin.com	1 redirects
1	stats.g.doubleclick.net	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	dx.mountain.com	www.nelnetbank.slr.sparrowtest.com
1	cdnjs.cloudflare.com	www.nelnetbank.slr.sparrowtest.com
1	snap.licdn.com	www.nelnetbank.slr.sparrowtest.com
1	www.google.com	www.googletagmanager.com
1	fonts.googleapis.com	www.nelnetbank.slr.sparrowtest.com
0	cdn.evgnet.com Failed	www.googletagmanager.com
62	28

This site contains links to these domains. Also see Links.

Domain
www.sparrowfi.com
onetrust.com
www.nelnetbank.com

Subject Issuer	Validity	Valid
www.nelnetbank.slr.sparrowtest.com Amazon RSA 2048 M02	`2023-12-15` - `2025-01-12`	a year	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
edge.fullstory.com WR3	`2024-10-20` - `2025-01-18`	3 months	crt.sh
rs.fullstory.com WR3	`2024-10-22` - `2025-01-20`	3 months	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
cookielaw.org WE1	`2024-10-11` - `2025-01-09`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 03	`2024-09-16` - `2025-03-15`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-23` - `2024-11-21`	3 months	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2024-05-23` - `2025-06-24`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
www.nelnet.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-11-06` - `2025-11-06`	a year	crt.sh
*.intercom.com Amazon RSA 2048 M03	`2024-01-15` - `2025-02-11`	a year	crt.sh
*.intercomcdn.com Amazon RSA 2048 M02	`2024-10-31` - `2025-11-28`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.nelnetbank.slr.sparrowtest.com/
Frame ID: F12635E87A27DF65FE0438FDBFB9BC57
Requests: 57 HTTP requests in this frame

Frame: data://truncated
Frame ID: 36502D655E5A16FA3C94A164863DBA37
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/541544738?random=1731573035254&cv=11&fst=1731573035254&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bc0v9120465222z8833140375za201zb833140375&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102077855&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&hn=www.googleadservices.com&frm=0&tiba=Nelnet%20Bank&npa=0&pscdl=noapi&auid=497649273.1731573035&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: A4018BDFD5A994AE7EA4A3B1A7F3D4CC
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-E85CJLWCP7&gacid=113504980.1731573035&gtm=45je4bc0v9100074456z8833140375za200zb833140375&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102077855&z=1028731043
Frame ID: F697F16CC3DDCBAF8F34913860DBB017
Requests: 1 HTTP requests in this frame

Frame: https://edge.fullstory.com/s/fs.js
Frame ID: BFFD64BAB252E467EB4C663882BAD1BA
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.824d1611.js
Frame ID: 0E6C9232ADBD11BBB582BCAB375775FD
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nelnet Bank

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

62
Requests

95 %
HTTPS

39 %
IPv6

19
Domains

28
Subdomains

28
IPs

2
Countries

1837 kB
Transfer

6280 kB
Size

23
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sparrowfi.com/
Title: Powered by Sparrow

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

URL: https://www.nelnetbank.com/privacycenter/
Title: privacy center.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2735348%26time%3D1731573035370%26li_adsId%3D9589c0aa-10a1-4c56-b62d-5ef2a94d1541%26url%3Dhttps%253A%252F%252Fwww.nelnetbank.slr.sparrowtest.com%252Fprequalification%252Fabout-you%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cookiesTest=true&liSync=true&e_ipv6=AQIEIUvWXjj6zwAAAZMpy7N64516gbesIvcHcNdYFm2_p9p1p2rLPL6HKtgIg7hNmBW65w

62 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.nelnetbank.slr.sparrowtest.com/ 4 KB
6 KB 1965ms
1810ms Document
text/html 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

CloudFront /

Resource Hash

b5791678cff4b6dd63a7158ec05af3d9466a1f0f7185afe17f6cbf89df951488

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; default-src 'self'; script-src 'nonce-8VlKhWJ66AtMiKn8pQYlMg==' 'strict-dynamic' 'self' widget.intercom.io .intercomcdn.com cdnjs.cloudflare.com maps.googleapis.com .fullstory.com https://.googletagmanager.com bat.bing.com cdn.cookielaw.org connect.facebook.net snap.licdn.com cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/evergage.min.js www.google-analytics.com googleads.g.doubleclick.net .sparrowtest.com 'sha256-XKl1DCtIkUBRvq1BiT9zIBS3ACWpsKjHNhFzq0JmE+c=' 'sha256-BibpoDGtLcqJmldHiTEJJaxae7rPNurFYXgWVCO4EVw=' 'sha256-Cp2zw0VJ1mIDeLf9E/9u2yfQ4K8yceNQMHk0BbUny8w=' 'sha256-PDHO0RDk4w5XlXMawrYw+4fVwJ5VvxjsZ0ocFGd3SzA=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-yxBn2Gp5NuqMNi7ReuwA3JbUbGjVKzk65Z2zsrps7Oc=' 'sha256-bvNubAaanvzctSH2Bj6ENjJoNk03JMpLZL4AeDGgepg=' 'sha256-F3Qj+IRGZEqGdWNLdiYQFEfi+pCkL2mRTY8vVLr+Q44='; style-src 'self' .sparrowtest.com .sparrowfi.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; font-src 'self' .intercomcdn.com .sparrowtest.com .sparrowfi.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' .intercomcdn.com .intercom.io wss://.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io .sparrowtest.com .sparrowfi.com .fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://.google.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com .linkedin.com stats.g.doubleclick.net; img-src 'self' .intercomcdn.com static.intercomassets.com d3iunsqowh8khd.cloudfront.net d35hce9fx6cz15.cloudfront.net cdnjs.cloudflare.com bat.bing.com www.nelnet.net www.facebook.com .linkedin.com www.google.com https://.google-analytics.com https://.googletagmanager.com data:; frame-src 'self' td.doubleclick.net
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: 36000
content-length: 4340
content-security-policy: block-all-mixed-content; default-src 'self'; script-src 'nonce-8VlKhWJ66AtMiKn8pQYlMg==' 'strict-dynamic' 'self' widget.intercom.io *.intercomcdn.com cdnjs.cloudflare.com maps.googleapis.com *.fullstory.com https://*.googletagmanager.com bat.bing.com cdn.cookielaw.org connect.facebook.net snap.licdn.com cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/evergage.min.js www.google-analytics.com googleads.g.doubleclick.net *.sparrowtest.com 'sha256-XKl1DCtIkUBRvq1BiT9zIBS3ACWpsKjHNhFzq0JmE+c=' 'sha256-BibpoDGtLcqJmldHiTEJJaxae7rPNurFYXgWVCO4EVw=' 'sha256-Cp2zw0VJ1mIDeLf9E/9u2yfQ4K8yceNQMHk0BbUny8w=' 'sha256-PDHO0RDk4w5XlXMawrYw+4fVwJ5VvxjsZ0ocFGd3SzA=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-yxBn2Gp5NuqMNi7ReuwA3JbUbGjVKzk65Z2zsrps7Oc=' 'sha256-bvNubAaanvzctSH2Bj6ENjJoNk03JMpLZL4AeDGgepg=' 'sha256-F3Qj+IRGZEqGdWNLdiYQFEfi+pCkL2mRTY8vVLr+Q44='; style-src 'self' *.sparrowtest.com *.sparrowfi.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; font-src 'self' *.intercomcdn.com *.sparrowtest.com *.sparrowfi.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.intercomcdn.com *.intercom.io wss://*.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io *.sparrowtest.com *.sparrowfi.com *.fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.linkedin.com stats.g.doubleclick.net; img-src 'self' *.intercomcdn.com static.intercomassets.com d3iunsqowh8khd.cloudfront.net d35hce9fx6cz15.cloudfront.net cdnjs.cloudflare.com bat.bing.com www.nelnet.net www.facebook.com *.linkedin.com www.google.com https://*.google-analytics.com https://*.googletagmanager.com data:; frame-src 'self' td.doubleclick.net
content-type: text/html
date: Thu, 14 Nov 2024 08:30:34 GMT
referrer-policy: strict-origin
server: CloudFront
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
x-amz-cf-id: QpxM3reXlxU_UzG3fZRF3hd-nnomGLxsw1vu8fCD12Q3mqg9Uy2T5Q==
x-amz-cf-pop: JFK50-P7
x-cache: LambdaGeneratedResponse from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 css2
fonts.googleapis.com/ 8 KB
1 KB 189ms
72ms Stylesheet
text/css 2607:f8b0:4004:c17::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Mate&family=Oswald:wght@600;700&family=PT+Sans:wght@400;700&display=swap

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

729b4931457b15d335860cf1a2d9d3613e40f3c1deb0367c781d32303cdb3e79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 14 Nov 2024 08:30:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 08:30:34 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 14 Nov 2024 08:30:34 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 index-BrD-iuFc.js Show response
www.nelnetbank.slr.sparrowtest.com/assets/ 2 MB
608 KB 236ms
235ms Script
application/javascript 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nelnetbank.slr.sparrowtest.com/assets/index-BrD-iuFc.js

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e86c9ac3be37614df8f5981e23bc1952a5598265bc48839004eb3aa2575de844

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.nelnetbank.slr.sparrowtest.com
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: gzip
etag: W/"3f24b9a59705169d241b90b8b5bd0716"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: AI_JG9xInMdUPZ5i3X49lsLkkhs_hJlzds8e8JzlPyqu9p5NoWhgUw==
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: 36000
referrer-policy: strict-origin
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 index-BYqIiPQ6.css
www.nelnetbank.slr.sparrowtest.com/assets/ 156 KB
29 KB 218ms
218ms Stylesheet
text/css 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

25a23f99d58e3cdecf7c148aa921a390b283666aeccc09e1fb7932ccdb219d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.nelnetbank.slr.sparrowtest.com
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: gzip
etag: W/"7347149350beb05291491b0da739fe35"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: P_Tq9KPAv_SpTtn3nz7anHK7EmpQ6l9x8Wrh0yypq8H0QVpwpuP5Sw==
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: text/css
vary: accept-encoding
last-modified: Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: 36000
referrer-policy: strict-origin
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 421 KB
131 KB 207ms
92ms Script
application/javascript 2607:f8b0:4004:c07::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5ca51946d12e79356fcc18525cd72362ced502eb49a7f117b7da43cf3a86bced

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 14 Nov 2024 08:30:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 08:30:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 14 Nov 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 133699
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ 286 KB
78 KB 106ms
33ms Script
application/javascript 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9c3a508b6f8a33e1f9f7e964c6f70e2c364bb836d69ad40912a873f4a30be96f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.nelnetbank.slr.sparrowtest.com
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: br
x-goog-hash: crc32c=i5SFWQ==, md5=dchxFTsSf6lAYIskBmwaVA==
etag: "75c871153b127fa940608b24066c1a54"
age: 222
x-goog-stored-content-encoding: br
expires: Thu, 14 Nov 2024 09:26:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 79062
date: Thu, 14 Nov 2024 08:26:52 GMT
last-modified: Wed, 13 Nov 2024 17:23:07 GMT
content-type: application/javascript
vary: Accept-Encoding
x-guploader-uploadid: AFiumC5gC-e9sEarD8C4JJBimIqo81hZ_HLSYPThUCf4DSrLxe7Zr5tw1Y36CZgmSxtyASv7VTIIZyXMZw
cache-control: public, max-age=3600,no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1731518587389058
content-length: 79062
server: UploadServer

GET
H2 200 web Show response
edge.fullstory.com/s/settings/BB4ET/v1/ 13 KB
2 KB 70ms
69ms XHR
application/json 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/settings/BB4ET/v1/web
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: b8c093e6f421e3e70117b9b6bc33ed5b4cdfbd6cf1a1c8fdedbf38e6c441b9bc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=2qnAMw==, md5=3nkp95ZLecTN9U69hQ3ajw==
etag: "de7929f7964b79c4cdf54ebd850dda8f"
age: 0
x-goog-stored-content-encoding: gzip
expires: Thu, 14 Nov 2024 08:45:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 1792
date: Thu, 14 Nov 2024 08:30:34 GMT
last-modified: Thu, 14 Nov 2024 08:25:39 GMT
content-type: application/json
x-guploader-uploadid: AHmUCY0uHisr6QtgTtMzmPQ65Pr7c_Y1P4FiDn1eWtesiVsjXduaJo2EjS0_i7ZwMOGjKXTpf58
cache-control: public,max-age=900,no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1731521439864311
content-length: 1792
server: UploadServer

POST
H2 200 page Show response
rs.fullstory.com/rec/ 1 KB
850 B 148ms
81ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/page
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 44ee00fe25dc14fe023588ffab5c0fa24788008d5c1daea9d3e6736b071e1b10

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 654
date: Thu, 14 Nov 2024 08:30:34 GMT
content-type: application/json; charset=utf-8

POST
H3 200 collect
www.google.com/ccm/ 0
0 200ms
78ms Ping
text/plain 142.251.40.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=625583256.1731573035&auid=497649273.1731573035&npa=0&gtm=45He4bc0v833140375za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855&tft=1731573034814&tfd=2393&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.100 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s79-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 409 KB
131 KB 105ms
104ms Script
application/javascript 2607:f8b0:4004:c07::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-E85CJLWCP7&l=dataLayer&cx=c&gtm=45He4bc0v833140375za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

58dbc281a760c430b721eec00f569db500cd7cb2cf5024f04eec0a537a50286f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 14 Nov 2024 08:30:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 08:30:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 134105
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 22 KB
8 KB 116ms
40ms Script
application/javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5: Vo/d0f3ZefkwyML/PnJnjg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DD03B52B60A337
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 5646
x-content-type-options: nosniff
date: Thu, 14 Nov 2024 08:30:34 GMT
content-type: application/javascript
last-modified: Wed, 13 Nov 2024 07:31:20 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 8676ee84-f01e-0019-699f-35bfe2000000
cf-ray: 8e25a3ec3d33961a-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7212
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 283 KB
98 KB 86ms
85ms Script
application/javascript 2607:f8b0:4004:c07::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-541544738&l=dataLayer&cx=c&gtm=45He4bc0v833140375za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

639b9ac8aa01c4ceae4f71c565fd5a1a328de578392cba618b40157a9198195e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Thu, 14 Nov 2024 08:30:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 08:30:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 14 Nov 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99616
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 bat.js Show response
bat.bing.com/ 50 KB
15 KB 159ms
55ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: gzip
etag: "028e0691d20db1:0"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96B25D3AD5FF44548D139DCB8D561926 Ref B: MIAEDGE1508 Ref C: 2024-11-14T08:30:34Z
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 14570
date: Thu, 14 Nov 2024 08:30:34 GMT
content-type: application/javascript
last-modified: Wed, 16 Oct 2024 22:47:44 GMT
vary: Accept-Encoding

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 218ms
66ms Script
application/javascript 2600:141b:1c00:6::17df:d120
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d120 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control: max-age=19336
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Thu, 14 Nov 2024 08:30:35 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET evergage.min.js
cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/ 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 195ms
61ms Script
text/javascript 2607:f8b0:4006:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: gzip
age: 1471
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 14 Nov 2024 10:06:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 08:06:04 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
DATA 200
OK truncated
/ Frame 3650 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3650 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 BasierCircle-Regular-kuEpW37U.woff2
www.nelnetbank.slr.sparrowtest.com/assets/ 17 KB
18 KB 118ms
117ms Font
binary/octet-stream 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nelnetbank.slr.sparrowtest.com/assets/BasierCircle-Regular-kuEpW37U.woff2

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

bc27ad01d2f8eb11cfdb80ff708214db38c85a0e039f772a282a8757b0230193

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.nelnetbank.slr.sparrowtest.com
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag: "43deb08ceb3cdc04cb644394052e8b66"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: XmQyMsFLUWWi59pGZEBemLEawSBcCnNexYJLxSm8Hjkmn8HwPamj0w==
date: Thu, 14 Nov 2024 08:30:36 GMT
content-type: binary/octet-stream
last-modified: Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: 36000
referrer-policy: strict-origin
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 17552
x-amz-cf-pop: JFK50-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 BasierCircle-Bold-BRwEG-Yr.woff2
www.nelnetbank.slr.sparrowtest.com/assets/ 17 KB
18 KB 120ms
119ms Font
binary/octet-stream 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nelnetbank.slr.sparrowtest.com/assets/BasierCircle-Bold-BRwEG-Yr.woff2

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

6e05ff1a7ed11597c87b4df200fb58a0dac512021bd03a3b52ee41f64ce69846

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.nelnetbank.slr.sparrowtest.com
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag: "2104effc36d9963b5763a035b2b4d8c2"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: ngOf7X5W4gpK4h6J6OtS2KTTArgWM6IgMZkG7_6C95S3DYEVIC7lNg==
date: Thu, 14 Nov 2024 08:30:36 GMT
content-type: binary/octet-stream
last-modified: Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: 36000
referrer-policy: strict-origin
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 17800
x-amz-cf-pop: JFK50-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 BasierCircle-SemiBold-DG-qiOZi.woff2
www.nelnetbank.slr.sparrowtest.com/assets/ 18 KB
18 KB 121ms
120ms Font
binary/octet-stream 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nelnetbank.slr.sparrowtest.com/assets/BasierCircle-SemiBold-DG-qiOZi.woff2

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3a4cc28baf83799e86168d5f90ea9a7544b593042e90e6b0ef2cb3ce15363d96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.nelnetbank.slr.sparrowtest.com
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag: "6cf2b070a29ee4540f10ffca7d8f0e57"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: RW3J_gxQ2Rgck4CyX9xVMRw6koNFJKkxFcFjf5yGbIuJ_WEagcTsJA==
date: Thu, 14 Nov 2024 08:30:36 GMT
content-type: binary/octet-stream
last-modified: Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: 36000
referrer-policy: strict-origin
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 18304
x-amz-cf-pop: JFK50-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 BasierCircle-Medium-Bs0rI2ah.woff2
www.nelnetbank.slr.sparrowtest.com/assets/ 18 KB
18 KB 134ms
133ms Font
binary/octet-stream 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nelnetbank.slr.sparrowtest.com/assets/BasierCircle-Medium-Bs0rI2ah.woff2

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

efa9095d7835cec77935c57cf99e63942bcda1a59e487ae23523647d8f8c270e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.nelnetbank.slr.sparrowtest.com
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag: "99ef4d64ac4301d9c452b74e81f235af"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: rq8eeEJJHOOnN8AfCvHBHKaikLFo2C4JtKX_VFLt-6HTu1j82woIBQ==
date: Thu, 14 Nov 2024 08:30:36 GMT
content-type: binary/octet-stream
last-modified: Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: 36000
referrer-policy: strict-origin
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 18256
x-amz-cf-pop: JFK50-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 icomoon-BXBee3-m.ttf
www.nelnetbank.slr.sparrowtest.com/assets/ 19 KB
19 KB 125ms
124ms Font
binary/octet-stream 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nelnetbank.slr.sparrowtest.com/assets/icomoon-BXBee3-m.ttf?qubszx

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

561eacd7a78089616588e8c34af06cce4d7592f578f62d2db2ebb66596483051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.nelnetbank.slr.sparrowtest.com
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag: "93e0dc57cf80c039510a4b929f8699ee"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: gWBzLjladRVkCJfvoRRFluZjYndkuOCIwfIVjpqjGEOaxRIMsMd3ag==
date: Thu, 14 Nov 2024 08:30:36 GMT
content-type: binary/octet-stream
last-modified: Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: 36000
referrer-policy: strict-origin
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 19396
x-amz-cf-pop: JFK50-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 logo-_0_dPQwB.png
www.nelnetbank.slr.sparrowtest.com/assets/ 103 KB
104 KB 236ms
236ms Image
image/png 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nelnetbank.slr.sparrowtest.com/assets/logo-_0_dPQwB.png

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

422089279a8d45dacd36064f612cfb1215a1e5186686a3da70ac577807a21ee4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag: "717e09807be349740177a1b5465b5596"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: 3rnX1-fdkPGEK5cSj_Fm1ZpAOK0ZtwNsJBD8MLDyw3Bl1acnHr_16w==
date: Thu, 14 Nov 2024 08:30:36 GMT
content-type: image/png
last-modified: Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: 36000
referrer-policy: strict-origin
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 105663
x-amz-cf-pop: JFK50-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
DATA 200
OK truncated
/ 1018 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4fc817364277ef9c6b2de3747b0f9a06c5e91696eb304cd3b025f0ac5fc1b858

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 736 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3883e9c7bd01cd5c2f70a3a90f7efbdd848b72f099651ef2caff00257cceda63

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea16d67ed8233e371bfa427a71e4576c39e87ed45123738b53b94c31b5f95779

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H3 200 1f1fa-1f1f8.svg
cdnjs.cloudflare.com/ajax/libs/twemoji/14.0.2/svg/ 2 KB
1 KB 84ms
44ms Image
image/svg+xml 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twemoji/14.0.2/svg/1f1fa-1f1f8.svg

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1feca2279a6e78133bf577b99e4f3e82896622c255d29017cec5f5cfa93e4d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "659a11a8-2a0"
age: 564982
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2f5dqza7OtgWDYihIDGaTfcL3Ck9cdw9QE8gv151ek%2BeAcHZLEjHmU%2BdGLm7FnlQ9xHm4aKu0u%2Fs%2BDBCtIZG9DRRuoBT%2FXML%2B1SjYQwJfjnfi%2BKg8YH6C4e2vkn2YuXQtbtDOco"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 04 Nov 2025 08:30:35 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: image/svg+xml; charset=utf-8
last-modified: Sun, 07 Jan 2024 03:51:20 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8e25a3ee7fd37419-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 672
server: cloudflare

GET
H2 200 499aa82b-54fa-47f1-a6f3-e08d213f8337.json Show response
cdn.cookielaw.org/consent/499aa82b-54fa-47f1-a6f3-e08d213f8337/ 4 KB
2 KB 283ms
220ms XHR
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/499aa82b-54fa-47f1-a6f3-e08d213f8337/499aa82b-54fa-47f1-a6f3-e08d213f8337.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cf210fd84fd02e9dd57208fdec607d5dbea51d3b7eee241ef042d359e51b9c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5: 1EorCQ8AS0h4XDu7bpKumw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DC7A9CE49F587D
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
x-content-type-options: nosniff
expires: Fri, 15 Nov 2024 08:30:35 GMT
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: application/json
last-modified: Wed, 22 May 2024 20:22:24 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: e5609716-701e-0021-471f-35febb000000
cf-ray: 8e25a3eea8f7370f-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1518
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 136ms
61ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-TAII1Qmw' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-TAII1Qmw' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=59, rtx=0, c=23, mss=1232, tbw=4438, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: gJ7VzkjzyQRQXKYDfX1u+l/z6jaoI/ILJBtTVjTi9NTu+Pje+DeBAGxgyx4sm2P3ULhkbGdMYWh6S4Ik+krN8g==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62107
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 17 KB
5 KB 247ms
61ms Script
application/javascript 44.209.137.118

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=37208&tdr=&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cb=62912456742316890term=value
Requested by: Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.209.137.118 Ashburn, United States, ASN (),
Reverse DNS: ec2-44-209-137-118.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: fead34fdd63cd9d039aee9552f7974975116b6f1494e0e110b9c38a1193e9fd2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

transfer-encoding: chunked
content-encoding: gzip
x-envoy-upstream-service-time: 2
expires: Thu, 01 Jan 1970 00:00:00 GMT
be: spx-prod
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: application/javascript;charset=utf-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: istio-envoy

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/541544738/ 43 B
61 B 181ms
72ms Script
text/javascript 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/541544738/?random=1731573035254&cv=11&fst=1731573035254&bg=ffffff&guid=ON&async=1&gtm=45be4bc0v9120465222z8833140375za201zb833140375&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102077855&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&hn=www.googleadservices.com&frm=0&tiba=Nelnet%20Bank&npa=0&pscdl=noapi&auid=497649273.1731573035&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-541544738&l=dataLayer&cx=c&gtm=45He4bc0v833140375za200

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 37
date: Thu, 14 Nov 2024 08:30:35 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 541544738
td.doubleclick.net/td/rul/ Frame A401 0
0 198ms
75ms Document
text/html 2607:f8b0:4004:c1f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/541544738?random=1731573035254&cv=11&fst=1731573035254&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4bc0v9120465222z8833140375za201zb833140375&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102077855&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&hn=www.googleadservices.com&frm=0&tiba=Nelnet%20Bank&npa=0&pscdl=noapi&auid=497649273.1731573035&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-541544738&l=dataLayer&cx=c&gtm=45He4bc0v833140375za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nelnetbank.slr.sparrowtest.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Nov 2024 08:30:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
0 216ms
78ms Fetch
text/plain 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-E85CJLWCP7&gtm=45je4bc0v9100074456z8833140375za200zb833140375&_p=1731573034421&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102077855&cid=113504980.1731573035&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1731573035&sct=1&seg=0&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&dt=Nelnet%20Bank&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2902
Requested by: Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
569 B 186ms
65ms Ping
text/plain 2607:f8b0:4004:c21::9d

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-E85CJLWCP7&cid=113504980.1731573035&gtm=45je4bc0v9100074456z8833140375za200zb833140375&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102077855
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E85CJLWCP7&l=dataLayer&cx=c&gtm=45He4bc0v833140375za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c21::9d Washington, United States, ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame F697 0
0 121ms
71ms Document
text/html 2607:f8b0:4004:c1f::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-E85CJLWCP7&gacid=113504980.1731573035&gtm=45je4bc0v9100074456z8833140375za200zb833140375&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102077855&z=1028731043

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E85CJLWCP7&l=dataLayer&cx=c&gtm=45He4bc0v833140375za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nelnetbank.slr.sparrowtest.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 14 Nov 2024 08:30:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
763 B 151ms
80ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=2735348&time=1731573035370&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-fs-uuid: 000626db43ae991bfccdd3cc645a54b4
x-msedge-ref: Ref A: 44B9713FD2F04E6EA6ABA3B048D9E844 Ref B: MIAEDGE2821 Ref C: 2024-11-14T08:30:35Z
x-li-fabric: prod-lva1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYm20OumRv8zdPMZFpUtA==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 14 Nov 2024 08:30:34 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2735348%26time%3D1731573035370%26li_adsId%3D9589c0aa-10a1-4c56-b62d-5ef2a94d1541%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%...

0
489 B

207ms
133ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cookiesTest=true&liSync=true&e_ipv6=AQIEIUvWXjj6zwAAAZMpy7N64516gbesIvcHcNdYFm2_p9p1p2rLPL6HKtgIg7hNmBW65w
Requested by: Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: C8E8152DF51241199D6E44EF63A1674E Ref B: MIAEDGE1312 Ref C: 2024-11-14T08:30:36Z
x-li-fabric: prod-lva1
x-li-uuid: AAYm20O3MLfHYxFY+O3Q8g==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731573035370&li_adsId=9589c0aa-10a1-4c56-b62d-5ef2a94d1541&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cookiesTest=true&liSync=true&e_ipv6=AQIEIUvWXjj6zwAAAZMpy7N64516gbesIvcHcNdYFm2_p9p1p2rLPL6HKtgIg7hNmBW65w
x-msedge-ref: Ref A: 2556CC0DB3094738B1BC4E5AD85D7CB2 Ref B: MIAEDGE1505 Ref C: 2024-11-14T08:30:35Z
x-li-fabric: prod-lva1
x-li-uuid: AAYm20O0+Pe1FvOcZt4uNA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 14 Nov 2024 08:30:35 GMT

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ Frame BFFD 286 KB
0 106ms
33ms Script
application/javascript 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9c3a508b6f8a33e1f9f7e964c6f70e2c364bb836d69ad40912a873f4a30be96f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.nelnetbank.slr.sparrowtest.com
Referer

Response headers

x-goog-metageneration: 1
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: br
x-goog-hash: crc32c=i5SFWQ==, md5=dchxFTsSf6lAYIskBmwaVA==
etag: "75c871153b127fa940608b24066c1a54"
age: 222
x-goog-stored-content-encoding: br
expires: Thu, 14 Nov 2024 09:26:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 79062
date: Thu, 14 Nov 2024 08:26:52 GMT
last-modified: Wed, 13 Nov 2024 17:23:07 GMT
content-type: application/javascript
vary: Accept-Encoding
x-guploader-uploadid: AFiumC5gC-e9sEarD8C4JJBimIqo81hZ_HLSYPThUCf4DSrLxe7Zr5tw1Y36CZgmSxtyASv7VTIIZyXMZw
cache-control: public, max-age=3600,no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1731518587389058
content-length: 79062
server: UploadServer

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
449 B 77ms
76ms XHR
text/plain 2607:f8b0:4006:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1589937779&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&ul=en-us&de=UTF-8&dt=Nelnet%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACAABBAAAACAEC~&jid=2138746103&gjid=297423712&cid=113504980.1731573035&tid=UA-180194408-1&_gid=1514479255.1731573035&_r=1&_slc=1&gtm=45He4bc0n815Z2DDNRv833140375za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855&z=1013906167

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5cbf1455bbcabfd9a9a069e1d46f48f491347737ab6990f926d5cba7ac25850a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 08:30:35 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 15
server: Golfe2

GET
H2 200 136025897.js Show response
bat.bing.com/p/action/ 363 B
421 B 58ms
57ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/136025897.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
content-encoding: br
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 98D4D0F19BE9421F8D2F722562505193 Ref B: MIAEDGE1508 Ref C: 2024-11-14T08:30:35Z
x-cache: CONFIG_NOCACHE
date: Thu, 14 Nov 2024 08:30:34 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding

GET
H3 200 5669557999823491 Show response
connect.facebook.net/signals/config/ 69 KB
14 KB 128ms
128ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/5669557999823491?v=2.9.176&r=stable&domain=www.nelnetbank.slr.sparrowtest.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

2ed1b903db80232880d71aebcd35dd66f01816a806420a9f5b8ea4fa3c4751d8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-n86NWSCN' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-n86NWSCN' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=60, rtx=0, c=76, mss=1232, tbw=70262, tp=65, tpl=0, uplat=66, ullat=0
pragma: public
x-fb-debug: xkjbOLcQAiYbO62AIE3iF+iHS4C9dsnn4XzMF47sleZDNiKHnnmJmKYD8TKCNKQ54zRIiSlMw6vBTii1pSo0/Q==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 204 0
bat.bing.com/action/ 0
360 B 58ms
57ms Image
text/plain 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=136025897&tm=gtm002&Ver=2&mid=cd15b9d5-cb0a-4897-92b2-94d6b3a3968e&bo=1&sid=b851fe00a26211efaa8b998e7596ab42&vid=b8523bc0a26211efa9fe99bd99546151&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Nelnet%20Bank&p=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&r=&lt=2665&evt=pageLoad&sv=1&cdb=AQAQ&rn=281152

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, must-revalidate
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C3B5A34408C34262BB984C372BF80FB9 Ref B: MIAEDGE1508 Ref C: 2024-11-14T08:30:35Z
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 14 Nov 2024 08:30:34 GMT

GET js
www.googletagmanager.com/gtag/ 0
0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.9.0/ 341 KB
74 KB 49ms
44ms Script
application/javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a7830da379aef49b3b3fbfc95e22edb88bc29a7dcaaee81f68a2d4ffdc42b48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5: 56jOXvghU3RiFIKiZ2Zh+g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status: unlocked
cf-bgj: minify
cf-cache-status: HIT
x-ms-version: 2009-09-19
age: 72248
content-encoding: gzip
x-content-type-options: nosniff
cf-polished: origSize=349017
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: application/javascript
last-modified: Fri, 20 Nov 2020 16:34:12 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 395cacfc-501e-00fa-1b66-255a6d000000
cf-ray: 8e25a3f03ea4961a-MIA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H/1.1 200
OK st Show response
px.mountain.com/ 2 KB
1 KB 462ms
115ms Script
application/javascript 52.89.99.220

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&ga_client_id=113504980.1731573035&shpt=Nelnet%20Bank&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1%22%2C%22ga_client_id%22%3A%22113504980.1731573035%22%2C%22shpt%22%3A%22Nelnet%20Bank%22%2C%22dcm_cid%22%3A%221731573035.1%22%2C%22dcm_gid%22%3A%221514479255.1731573035%22%2C%22mntnis%22%3A%7B%7D%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1731573035.1&dcm_gid=1514479255.1731573035&hardcoded_ga=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&dxver=4.0.0&shaid=37208&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cb=62912456742316890term%3Dvalue
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=37208&tdr=&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cb=62912456742316890term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.89.99.220 Boardman, United States, ASN (),
Reverse DNS: ec2-52-89-99-220.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 27b0c9b84deada857295469f100f74d3fee690a09e9e2e1b267e9f149a6b9fa3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

transfer-encoding: chunked
content-encoding: gzip
x-envoy-upstream-service-time: 2
connection: close
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: application/javascript;charset=utf-8
server: istio-envoy

GET
H3 200 /
www.facebook.com/tr/ 0
19 B 135ms
60ms Image
text/plain 157.240.241.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=5669557999823491&ev=PageView&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com&rl=&if=false&ts=1731573035596&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4124&fbp=fb.1.1731573035594.852128507886550604&pm=1&hrl=2c8521&ler=empty&cdl=API_unavailable&it=1731573035453&coo=false&cs_cc=1&cas=7085164444926293%2C6986335164826165&rqm=GET

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=59, rtx=0, c=23, mss=1232, tbw=4489, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
198 B 197ms
123ms Image
image/png 157.240.241.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=5669557999823491&ev=PageView&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com&rl=&if=false&ts=1731573035596&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4124&fbp=fb.1.1731573035594.852128507886550604&pm=1&hrl=2c8521&ler=empty&cdl=API_unavailable&it=1731573035453&coo=false&cs_cc=1&cas=7085164444926293%2C6986335164826165&rqm=FGET

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-lga3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7437049556684817884"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7437049556684817884", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: thMrBwAB3sD7m8QE/MxYC38yT6+tiahn75H1JDXdiLzutK5M+/cbrWKVszRbN6rmySsKa/i2LMOPOUK18XH+OQ==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=59, rtx=0, c=23, mss=1232, tbw=4809, tp=12, tpl=0, uplat=61, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/499aa82b-54fa-47f1-a6f3-e08d213f8337/f3a72441-cbec-484c-9e4d-b4b598b959f2/ 83 KB
18 KB 237ms
236ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/499aa82b-54fa-47f1-a6f3-e08d213f8337/f3a72441-cbec-484c-9e4d-b4b598b959f2/en.json

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fed8976f8267731abcd84353ce8d211fd7b654322572680e463e3a56712f0e50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5: rQYOn8HBZ7Xqi0CqCBAWzQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DC7A9CE7FC2FF6
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
x-content-type-options: nosniff
expires: Fri, 15 Nov 2024 08:30:35 GMT
date: Thu, 14 Nov 2024 08:30:35 GMT
content-type: application/json
last-modified: Wed, 22 May 2024 20:22:30 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 907bcf43-401e-004f-771f-355792000000
cf-ray: 8e25a3f0c980370f-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18714
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 13 KB
4 KB 203ms
202ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otFlat.json

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5: nLr4hEi4fuLY/p0DQsLcMA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D88D721792550E
x-ms-lease-status: unlocked
cf-cache-status: HIT
x-content-type-options: nosniff
date: Thu, 14 Nov 2024 08:30:36 GMT
content-type: application/json
last-modified: Fri, 20 Nov 2020 16:34:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 07ceb578-801e-00d1-011f-352ed5000000
cf-ray: 8e25a3f249e7370f-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3343
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 62 KB
15 KB 543ms
542ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otPcCenter.json

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5: ue/MTNcIjSCNWtleQfbrzg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8D88D7217E98574
x-ms-lease-status: unlocked
cf-cache-status: HIT
x-content-type-options: nosniff
date: Thu, 14 Nov 2024 08:30:36 GMT
content-type: application/json
last-modified: Fri, 20 Nov 2020 16:34:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 0dea05d7-701e-00ed-5f6f-369a0e000000
cf-ray: 8e25a3f249e8370f-MIA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 14986
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H/1.1 200
OK gs Show response
gs.mountain.com/ 144 B
733 B 461ms
116ms Script
application/javascript 35.81.162.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gs.mountain.com/gs
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&ga_client_id=113504980.1731573035&shpt=Nelnet%20Bank&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1%22%2C%22ga_client_id%22%3A%22113504980.1731573035%22%2C%22shpt%22%3A%22Nelnet%20Bank%22%2C%22dcm_cid%22%3A%221731573035.1%22%2C%22dcm_gid%22%3A%221514479255.1731573035%22%2C%22mntnis%22%3A%7B%7D%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1731573035.1&dcm_gid=1514479255.1731573035&hardcoded_ga=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&dxver=4.0.0&shaid=37208&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cb=62912456742316890term%3Dvalue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.81.162.201 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-81-162-201.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 6d281dd807a79d3685ca09b4d704c7399aafd53d051e7f3797f78fa8a7796bd5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control: public, max-age=31536000
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
x-application-context: application:prod:8080
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date: Thu, 14 Nov 2024 08:30:36 GMT
content-length: 144
content-type: application/javascript;charset=utf-8
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: istio-envoy
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
210 B 89ms
87ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nelnetbank.slr.sparrowtest.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 01650B1156694AD5849E77BE8DA71662 Ref B: MIAEDGE1505 Ref C: 2024-11-14T08:30:36Z
x-li-fabric: prod-lva1
access-control-allow-credentials: true
x-li-uuid: AAYm20O5W5rZFtKEP7V7ww==
x-li-proto: http/2
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
x-cache: CONFIG_NOCACHE
date: Thu, 14 Nov 2024 08:30:35 GMT
vary: Origin

GET
H/1.1 200
OK icon-close-all-colors.svg
www.nelnet.net/marketingprod/email/images/ 866 B
1 KB 339ms
80ms Image
image/svg+xml 216.69.100.142

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nelnet.net/marketingprod/email/images/icon-close-all-colors.svg

Requested by

Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.69.100.142 , United States, ASN (),

Reverse DNS

Software

Resource Hash

e5bbda35e57164f61f8b55537e15923c87ee6dfecdfb7b1739c5e950ccd2ab85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex
ETag: "8084ecb94843d61:0"
Accept-Ranges: bytes
Content-Length: 866
Date: Thu, 14 Nov 2024 08:30:36 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 15 Jun 2020 19:11:09 GMT

GET
H/1.1 200
OK st Show response
px.mountain.com/ 2 KB
1 KB 363ms
143ms Script
application/javascript 52.89.99.220

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&ga_client_id=113504980.1731573035&shpt=Nelnet%20Bank&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1%22%2C%22ga_client_id%22%3A%22113504980.1731573035%22%2C%22shpt%22%3A%22Nelnet%20Bank%22%2C%22dcm_cid%22%3A%221731573035.1%22%2C%22dcm_gid%22%3A%221514479255.1731573035%22%2C%22mntnis%22%3A%7B%7D%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1731573035.1&dcm_gid=1514479255.1731573035&hardcoded_ga=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&dxver=4.0.0&shaid=37208&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cb=1731573035992118&shguid=f4066cff-e7e4-36ff-aeec-e0e63a7852fc&shgts=1731573036456
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&ga_client_id=113504980.1731573035&shpt=Nelnet%20Bank&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1%22%2C%22ga_client_id%22%3A%22113504980.1731573035%22%2C%22shpt%22%3A%22Nelnet%20Bank%22%2C%22dcm_cid%22%3A%221731573035.1%22%2C%22dcm_gid%22%3A%221514479255.1731573035%22%2C%22mntnis%22%3A%7B%7D%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1731573035.1&dcm_gid=1514479255.1731573035&hardcoded_ga=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&dxver=4.0.0&shaid=37208&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&cb=62912456742316890term%3Dvalue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.89.99.220 Boardman, United States, ASN (),
Reverse DNS: ec2-52-89-99-220.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 422b962aff597c5aca5f9c3aa114fcea7f3fda6abcad9584510b36b3eecd0f09

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

transfer-encoding: chunked
content-encoding: gzip
x-envoy-upstream-service-time: 30
connection: close
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date: Thu, 14 Nov 2024 08:30:36 GMT
content-type: application/javascript;charset=utf-8
server: istio-envoy

GET
H2 200 favicon.ico
www.nelnetbank.slr.sparrowtest.com/ 923 B
1 KB 148ms
147ms Other
image/vnd.microsoft.icon 18.164.124.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nelnetbank.slr.sparrowtest.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.124.62 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-124-62.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

8442aba60307d45590ffff0bc7a330e3b50c856debf1149a1b178600457d419c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag: "cb014465c1b9f63fbc4a11c6ce1b8e5d"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: LsdKJDyx84I_W2yADEmHOFJG7Q4pV3cXLJzWiWUnlTraXGR9gm6cDw==
date: Thu, 14 Nov 2024 08:30:37 GMT
content-type: image/vnd.microsoft.icon
last-modified: Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: 36000
referrer-policy: strict-origin
via: 1.1 024ebcc63921610877d4ba277290628c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 923
x-amz-cf-pop: JFK50-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 collect
www.google-analytics.com/ 35 B
58 B 62ms
62ms Image
image/gif 142.251.35.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1589937779&t=timing&_s=2&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&ul=en-us&de=UTF-8&dt=Nelnet%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=4459&pdt=2&dns=25&rrt=0&srt=1809&tcp=130&dit=2000&clt=2665&_gst=2429&_gbt=2967&_u=YDDACAABBAAAACAEC~&jid=&gjid=&cid=113504980.1731573035&tid=UA-180194408-1&_gid=1514479255.1731573035&gtm=45He4bc0n815Z2DDNRv833140375za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102077855&z=115388793

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.35.174 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

age: 33988
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 13 Nov 2024 23:04:08 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

POST
H3 200 v2 Show response
rs.fullstory.com/rec/bundle/ 29 B
43 B 164ms
114ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle/v2?OrgId=BB4ET&UserId=3319b818-fea2-4769-957a-2f40d9b57a7c&SessionId=3a1a7787-e099-46ca-928d-9ab52a8f967b&PageId=566b9d03-26b2-4e11-bf54-e91801a3a061&Seq=1&ClientTime=1731573037421&CompiledVersion=0e8b110ed51dbda96d9e20c9428442057807890d&PageStart=1731573034893&PrevBundleTime=0&LastActivity=1812&IsNewSession=true&ContentEncoding=gzip
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 2e469023aaf0b5193483d755e751c1f54b545647ec2bbe87178dfe7bb2cb926d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

via: 1.1 google
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
date: Thu, 14 Nov 2024 08:30:37 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true

GET
H2 200 ffi98qsi Show response
widget.intercom.io/widget/ 7 KB
3 KB 239ms
76ms Script
application/javascript 13.249.91.44

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.intercom.io/widget/ffi98qsi
Requested by: Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BrD-iuFc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.91.44 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: caec2cc5ff9c3e99b578e6e5370d89aa33918a98f5056ad55fb9281b20da35db

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding: gzip
x-amz-version-id: _PoQ7ln94lIv15A69vfM4FJl_Hbwlj5D
etag: "988554a71f0a5f183fcd73acdff8b922"
age: 291
alt-svc: h3=":443"; ma=86400
x-cache: Error from cloudfront
x-amz-cf-id: 6MlHQdqdCQ51gRTa85ZJNRiEZXJDEtL8IpVRwKsYyO5GTQa9M6pivw==
date: Thu, 14 Nov 2024 08:25:51 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding, Origin
last-modified: Wed, 13 Nov 2024 15:05:45 GMT
cache-control: max-age=300, s-maxage=300, public
cross-origin-resource-policy: cross-origin
via: 1.1 8bb749c24f6cadc53e0a4d2b9cdf6ba2.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 2668
x-amz-cf-pop: JFK52-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H3 200 v2 Show response
rs.fullstory.com/rec/bundle/ 29 B
43 B 84ms
84ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle/v2?OrgId=BB4ET&UserId=3319b818-fea2-4769-957a-2f40d9b57a7c&SessionId=3a1a7787-e099-46ca-928d-9ab52a8f967b&PageId=566b9d03-26b2-4e11-bf54-e91801a3a061&Seq=2&ClientTime=1731573039907&CompiledVersion=0e8b110ed51dbda96d9e20c9428442057807890d&PageStart=1731573034893&PrevBundleTime=1731573037490&LastActivity=4303&IsNewSession=true&ContentEncoding=gzip
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 45c77b1937a833b06d2a0b551f2be3c94a337ae1292dbfd405979be5358cbee2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

via: 1.1 google
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
date: Thu, 14 Nov 2024 08:30:39 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true

GET
H2 200 frame-modern.824d1611.js Show response
js.intercomcdn.com/ Frame 0E6C 471 KB
142 KB 352ms
215ms Script
application/javascript 108.139.47.108

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/frame-modern.824d1611.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/ffi98qsi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.47.108 -, , ASN (),

Reverse DNS

Software

AmazonS3 /

Resource Hash

0426e0e193805fea9bc375986cfc916bd60ef93c6ed703ede1254e10f624ae0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: "474ef199e895de84f79af0e4280939ed"
x-amz-version-id: sEpU.oDOorblxpV8ucsrbKXrgbFA1vqv
age: 5092
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 4kVuq87Fjh_EQL13P06KZBXQWuGLcAjZZEqNzokxN0dCAq3NHfsq1A==
date: Thu, 14 Nov 2024 07:05:49 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 13 Nov 2024 15:03:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy: cross-origin
via: 1.1 a5bf84280caeb8a606c41eaba71ee8be.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 144924
x-amz-cf-pop: JFK50-P1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 vendor-modern.5c288613.js Show response
js.intercomcdn.com/ Frame 0E6C 456 KB
145 KB 206ms
69ms Script
application/javascript 108.139.47.108

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/vendor-modern.5c288613.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/ffi98qsi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.47.108 -, , ASN (),

Reverse DNS

Software

AmazonS3 /

Resource Hash

ad0e16e3e83936688a11f292ef26cd62ff0b2125053c37e9cc8ac41b24f44342

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: "cfcbe890471af67f5140f9f36766a673"
x-amz-version-id: rif4mvb1wbjWaQ9.1VyoBz4QJ8qlO8rb
age: 1543
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: TuqRSuD5qJpQDEpOYXgay_9yzmXqy9IyaHlGYcdV-6ZfCsvFN6JW3A==
date: Thu, 14 Nov 2024 08:04:58 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 13 Nov 2024 15:03:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy: cross-origin
via: 1.1 a5bf84280caeb8a606c41eaba71ee8be.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 147369
x-amz-cf-pop: JFK50-P1
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 200 launcher_settings Show response
api-iam.intercom.io/messenger/web/ Frame 0E6C 240 B
913 B 219ms
95ms XHR
application/json 54.84.227.99

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/launcher_settings

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.824d1611.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.84.227.99 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

18b99350b2bacac3eee8ea7487c71767edaffb49d7eba620af986fd149b1bd74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer

Response headers

x-request-id: 0018dgm2rbkoi0147mkg
access-control-expose-headers: x-request-id
content-encoding: gzip
etag: W/"18b99350b2bacac3eee8ea7487c71767"
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
status: 200 OK
date: Thu, 14 Nov 2024 08:30:40 GMT
content-type: application/json; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.027025
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-request-queueing: 0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
x-xss-protection: 1; mode=block
x-intercom-version: 6f5d3b6ef728b766c38a9b4009c34a8f98be0b16
x-ami-version: ami-0d82ec08b45e6923b
server: nginx

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame 0E6C 4 KB
2 KB 401ms
281ms XHR
application/json 54.84.227.99

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.824d1611.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.84.227.99 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

3a9521110ca0e2f0cf7f7cda35fa03f9c81b20ef3a8520fa792817142097092a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer

Response headers

x-request-id: 0000fgtju0lc083h0fkg
access-control-expose-headers: x-request-id
content-encoding: gzip
etag: W/"3a9521110ca0e2f0cf7f7cda35fa03f9"
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
status: 200 OK
date: Thu, 14 Nov 2024 08:30:41 GMT
content-type: application/json; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.217708
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-request-queueing: 0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
x-xss-protection: 1; mode=block
x-intercom-version: 6f5d3b6ef728b766c38a9b4009c34a8f98be0b16
x-ami-version: ami-0d82ec08b45e6923b
server: nginx

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame 0E6C 4 KB
2 KB 207ms
206ms XHR
application/json 54.84.227.99

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.824d1611.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.84.227.99 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

615411e7919d3fca3abbb00b2cb1b9e7646c5afa5fc2576c7fba1613ab76ed92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer

Response headers

x-request-id: 0017l84tgiko4dn5svbg
access-control-expose-headers: x-request-id
content-encoding: gzip
etag: W/"615411e7919d3fca3abbb00b2cb1b9e7"
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
status: 200 OK
date: Thu, 14 Nov 2024 08:30:41 GMT
content-type: application/json; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.145684
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-request-queueing: 0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
x-xss-protection: 1; mode=block
x-intercom-version: 6f5d3b6ef728b766c38a9b4009c34a8f98be0b16
x-ami-version: ami-0d82ec08b45e6923b
server: nginx

POST
H2 204 collect
analytics.google.com/g/ 0
0 75ms
75ms Fetch
text/plain 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-E85CJLWCP7&gtm=45je4bc0v9100074456z8833140375za200zb833140375&_p=1731573034421&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102077855&cid=113504980.1731573035&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sid=1731573035&sct=1&seg=0&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&dt=Nelnet%20Bank&_s=2&tfd=9469
Requested by: Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 14 Nov 2024 08:30:41 GMT
content-type: text/plain
server: Golfe2

POST
H3 200 v2 Show response
rs.fullstory.com/rec/bundle/ 29 B
43 B 85ms
83ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle/v2?OrgId=BB4ET&UserId=3319b818-fea2-4769-957a-2f40d9b57a7c&SessionId=3a1a7787-e099-46ca-928d-9ab52a8f967b&PageId=566b9d03-26b2-4e11-bf54-e91801a3a061&Seq=3&ClientTime=1731573044907&CompiledVersion=0e8b110ed51dbda96d9e20c9428442057807890d&PageStart=1731573034893&PrevBundleTime=1731573039941&LastActivity=9303&IsNewSession=true&ContentEncoding=gzip
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 6bdded6410f75f487eb2c83a72847b2484125f057e2a8f71a53a209285be7dda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.nelnetbank.slr.sparrowtest.com/

Response headers

via: 1.1 google
access-control-allow-origin: https://www.nelnetbank.slr.sparrowtest.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
date: Thu, 14 Nov 2024 08:30:44 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/evergage.min.js

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LEV6TNB7HC&cx=c&_slc=1

Verdicts & Comments Add Verdict or Comment

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sparrowtest.com/	1970-01-21 03:09:09	Name: _gcl_au Value: 1.1.497649273.1731573035
.sparrowtest.com/	1970-01-21 00:59:34	Name: fs_lua Value: 1.1731573034741
.sparrowtest.com/	1970-01-21 09:45:09	Name: fs_uid Value: #BB4ET#3319b818-fea2-4769-957a-2f40d9b57a7c:3a1a7787-e099-46ca-928d-9ab52a8f967b:1731573034741::1#/1763109036
.sparrowtest.com/	1970-01-21 10:35:33	Name: _ga Value: GA1.1.113504980.1731573035
.nelnetbank.slr.sparrowtest.com/	1970-01-21 10:35:33	Name: _ga Value: GA1.4.113504980.1731573035
.nelnetbank.slr.sparrowtest.com/	1970-01-21 01:00:59	Name: _gid Value: GA1.4.1514479255.1731573035
.nelnetbank.slr.sparrowtest.com/	1970-01-21 00:59:33	Name: _gat_UA-180194408-1 Value: 1
.doubleclick.net/	1970-01-21 00:59:33	Name: test_cookie Value: CheckForPermission
.sparrowtest.com/	1970-01-21 01:00:59	Name: _uetsid Value: b851fe00a26211efaa8b998e7596ab42
.sparrowtest.com/	1970-01-21 10:21:09	Name: _uetvid Value: b8523bc0a26211efa9fe99bd99546151
.bing.com/	1970-01-21 10:21:09	Name: MUID Value: 3161BF24736D6FC421C7AA1372FD6ED8
.bat.bing.com/	1970-01-21 01:09:37	Name: MR Value: 0
.linkedin.com/	1970-01-21 03:09:09	Name: li_sugr Value: 7f7cc7b4-d3e5-4266-8bf0-00b741f6935e
.linkedin.com/	1970-01-21 09:45:09	Name: bcookie Value: "v=2&a70ce22b-2bd5-4791-8b51-a45685be84c7"
.linkedin.com/	1970-01-21 01:00:59	Name: lidc Value: "b=VGST01:s=V:r=V:a=V:p=V:g=3391:u=1:x=1:i=1731573035:t=1731659435:v=2:sig=AQG0C9SLLcnxW_YUQeoFEZBRzMeti-wb"
.sparrowtest.com/	1970-01-21 03:09:09	Name: _fbp Value: fb.1.1731573035594.852128507886550604
.linkedin.com/	1970-01-21 01:42:45	Name: UserMatchHistory Value: AQLP9Zhf2VaUqQAAAZMpy7JmXSNRkz4CbKxZByjJF2AOFpqx_ZEhnqQf9ZDS_SL-TnDZ_enSayqVwg
.linkedin.com/	1970-01-21 01:42:45	Name: AnalyticsSyncHistory Value: AQJ2xL4wfgAR7wAAAZMpy7JmXTYOEf2JSktpWR2QL_nnZHTNRLmd0vicOd5-SjlhMaq-Bo7zigQvgpdBmKxfeg
.www.linkedin.com/	1970-01-21 09:45:09	Name: bscookie Value: "v=1&2024111408303522d99038-ab91-4dc1-8476-4ce08de98ca7AQHTPjSHgTXUPUohU9dD7_CGCIWqYz0u"
.linkedin.com/	1970-01-21 00:59:34	Name: __cf_bm Value: B3qWdPl_wC0Lw_quwfJRLkz0X7SquaaPQDOBTiMMo5U-1731573035-1.0.1.1-gKSjjHFGUwluFGFCw9mfuMvVDS1nMW5f0J7qw1jEsQtKM9ooMeJjpeKQNkQBeFKoJLUjZtO0FEsmONE8sOxrDQ
.mountain.com/	1970-01-21 09:45:09	Name: guid Value: b8a2661c-a262-11ef-b6e7-7dcb1bdb197d
.px.mountain.com/	1970-01-21 09:45:09	Name: tt Value: H4sIAAAAAAAAAKtWKlOyMqoFAP609q8HAAAA
.sparrowtest.com/	1970-01-21 10:35:33	Name: _ga_E85CJLWCP7 Value: GS1.1.1731573035.1.0.1731573036.59.0.0

25 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.googletagmanager.com/ Message: Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src 'self' td.doubleclick.net".
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	error	URL: https://www.nelnetbank.slr.sparrowtest.com/(Line 15) Message: Refused to connect to 'https://3.212.39.155/is' because it violates the following Content Security Policy directive: "connect-src 'self' .intercomcdn.com .intercom.io wss://.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io .sparrowtest.com .sparrowfi.com .fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://.google.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com *.linkedin.com stats.g.doubleclick.net".
javascript	error	URL: https://www.nelnetbank.slr.sparrowtest.com/(Line 15) Message: Refused to connect to 'https://3.212.39.155/is' because it violates the document's Content Security Policy.
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	error	URL: https://bat.bing.com/bat.js Message: Refused to connect to 'https://bat.bing.com/actionp/0?ti=136025897&tm=gtm002&Ver=2&mid=cd15b9d5-cb0a-4897-92b2-94d6b3a3968e&bo=2&sid=b851fe00a26211efaa8b998e7596ab42&vid=b8523bc0a26211efa9fe99bd99546151&vids=1&msclkid=N&evt=pageHide' because it violates the following Content Security Policy directive: "connect-src 'self' .intercomcdn.com .intercom.io wss://.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io .sparrowtest.com .sparrowfi.com .fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://.google.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com *.linkedin.com stats.g.doubleclick.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; default-src 'self'; script-src 'nonce-8VlKhWJ66AtMiKn8pQYlMg==' 'strict-dynamic' 'self' widget.intercom.io .intercomcdn.com cdnjs.cloudflare.com maps.googleapis.com .fullstory.com https://.googletagmanager.com bat.bing.com cdn.cookielaw.org connect.facebook.net snap.licdn.com cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/evergage.min.js www.google-analytics.com googleads.g.doubleclick.net .sparrowtest.com 'sha256-XKl1DCtIkUBRvq1BiT9zIBS3ACWpsKjHNhFzq0JmE+c=' 'sha256-BibpoDGtLcqJmldHiTEJJaxae7rPNurFYXgWVCO4EVw=' 'sha256-Cp2zw0VJ1mIDeLf9E/9u2yfQ4K8yceNQMHk0BbUny8w=' 'sha256-PDHO0RDk4w5XlXMawrYw+4fVwJ5VvxjsZ0ocFGd3SzA=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-yxBn2Gp5NuqMNi7ReuwA3JbUbGjVKzk65Z2zsrps7Oc=' 'sha256-bvNubAaanvzctSH2Bj6ENjJoNk03JMpLZL4AeDGgepg=' 'sha256-F3Qj+IRGZEqGdWNLdiYQFEfi+pCkL2mRTY8vVLr+Q44='; style-src 'self' .sparrowtest.com .sparrowfi.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; font-src 'self' .intercomcdn.com .sparrowtest.com .sparrowfi.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' .intercomcdn.com .intercom.io wss://.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io .sparrowtest.com .sparrowfi.com .fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://.google.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com .linkedin.com stats.g.doubleclick.net; img-src 'self' .intercomcdn.com static.intercomassets.com d3iunsqowh8khd.cloudfront.net d35hce9fx6cz15.cloudfront.net cdnjs.cloudflare.com bat.bing.com www.nelnet.net www.facebook.com .linkedin.com www.google.com https://.google-analytics.com https://.googletagmanager.com data:; frame-src 'self' td.doubleclick.net
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
api-iam.intercom.io
bat.bing.com
cdn.cookielaw.org
cdn.evgnet.com
cdnjs.cloudflare.com
connect.facebook.net
dx.mountain.com
edge.fullstory.com
fonts.googleapis.com
googleads.g.doubleclick.net
gs.mountain.com
js.intercomcdn.com
px.ads.linkedin.com
px.mountain.com
px4.ads.linkedin.com
rs.fullstory.com
snap.licdn.com
stats.g.doubleclick.net
td.doubleclick.net
widget.intercom.io
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
www.nelnet.net
www.nelnetbank.slr.sparrowtest.com
cdn.evgnet.com
www.googletagmanager.com
104.17.25.14
108.139.47.108
13.107.42.14
13.249.91.44
142.251.16.157
142.251.35.174
142.251.40.100
157.240.241.1
157.240.241.35
18.164.124.62
216.69.100.142
2600:141b:1c00:6::17df:d120
2606:4700:4400::ac40:92d7
2606:4700::6812:572a
2607:f8b0:4004:c07::61
2607:f8b0:4004:c17::5f
2607:f8b0:4004:c1f::9b
2607:f8b0:4004:c21::9d
2607:f8b0:4006:80e::200e
2607:f8b0:4006:821::200e
2620:1ec:21::14
2620:1ec:33:1::10
35.186.194.58
35.201.112.186
35.81.162.201
44.209.137.118
52.89.99.220
54.84.227.99
0426e0e193805fea9bc375986cfc916bd60ef93c6ed703ede1254e10f624ae0a
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
0a7830da379aef49b3b3fbfc95e22edb88bc29a7dcaaee81f68a2d4ffdc42b48
18b99350b2bacac3eee8ea7487c71767edaffb49d7eba620af986fd149b1bd74
1feca2279a6e78133bf577b99e4f3e82896622c255d29017cec5f5cfa93e4d16
25a23f99d58e3cdecf7c148aa921a390b283666aeccc09e1fb7932ccdb219d92
27b0c9b84deada857295469f100f74d3fee690a09e9e2e1b267e9f149a6b9fa3
2cf210fd84fd02e9dd57208fdec607d5dbea51d3b7eee241ef042d359e51b9c1
2e469023aaf0b5193483d755e751c1f54b545647ec2bbe87178dfe7bb2cb926d
2ed1b903db80232880d71aebcd35dd66f01816a806420a9f5b8ea4fa3c4751d8
3883e9c7bd01cd5c2f70a3a90f7efbdd848b72f099651ef2caff00257cceda63
3a4cc28baf83799e86168d5f90ea9a7544b593042e90e6b0ef2cb3ce15363d96
3a9521110ca0e2f0cf7f7cda35fa03f9c81b20ef3a8520fa792817142097092a
422089279a8d45dacd36064f612cfb1215a1e5186686a3da70ac577807a21ee4
422b962aff597c5aca5f9c3aa114fcea7f3fda6abcad9584510b36b3eecd0f09
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44ee00fe25dc14fe023588ffab5c0fa24788008d5c1daea9d3e6736b071e1b10
45c77b1937a833b06d2a0b551f2be3c94a337ae1292dbfd405979be5358cbee2
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
4fc817364277ef9c6b2de3747b0f9a06c5e91696eb304cd3b025f0ac5fc1b858
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
561eacd7a78089616588e8c34af06cce4d7592f578f62d2db2ebb66596483051
58dbc281a760c430b721eec00f569db500cd7cb2cf5024f04eec0a537a50286f
5ca51946d12e79356fcc18525cd72362ced502eb49a7f117b7da43cf3a86bced
5cbf1455bbcabfd9a9a069e1d46f48f491347737ab6990f926d5cba7ac25850a
615411e7919d3fca3abbb00b2cb1b9e7646c5afa5fc2576c7fba1613ab76ed92
639b9ac8aa01c4ceae4f71c565fd5a1a328de578392cba618b40157a9198195e
6bdded6410f75f487eb2c83a72847b2484125f057e2a8f71a53a209285be7dda
6d281dd807a79d3685ca09b4d704c7399aafd53d051e7f3797f78fa8a7796bd5
6e05ff1a7ed11597c87b4df200fb58a0dac512021bd03a3b52ee41f64ce69846
729b4931457b15d335860cf1a2d9d3613e40f3c1deb0367c781d32303cdb3e79
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8442aba60307d45590ffff0bc7a330e3b50c856debf1149a1b178600457d419c
84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146
9c3a508b6f8a33e1f9f7e964c6f70e2c364bb836d69ad40912a873f4a30be96f
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ad0e16e3e83936688a11f292ef26cd62ff0b2125053c37e9cc8ac41b24f44342
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
b5791678cff4b6dd63a7158ec05af3d9466a1f0f7185afe17f6cbf89df951488
b8c093e6f421e3e70117b9b6bc33ed5b4cdfbd6cf1a1c8fdedbf38e6c441b9bc
bc27ad01d2f8eb11cfdb80ff708214db38c85a0e039f772a282a8757b0230193
caec2cc5ff9c3e99b578e6e5370d89aa33918a98f5056ad55fb9281b20da35db
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e5bbda35e57164f61f8b55537e15923c87ee6dfecdfb7b1739c5e950ccd2ab85
e86c9ac3be37614df8f5981e23bc1952a5598265bc48839004eb3aa2575de844
ea16d67ed8233e371bfa427a71e4576c39e87ed45123738b53b94c31b5f95779
efa9095d7835cec77935c57cf99e63942bcda1a59e487ae23523647d8f8c270e
fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2
fead34fdd63cd9d039aee9552f7974975116b6f1494e0e110b9c38a1193e9fd2
fed8976f8267731abcd84353ce8d211fd7b654322572680e463e3a56712f0e50

www.nelnetbank.slr.sparrowtest.com Open in urlscan Pro 18.164.124.62 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

62 Requests

95 %HTTPS

39 %IPv6

19 Domains

28 Subdomains

28 IPs

2 Countries

1837 kBTransfer

6280 kBSize

23 Cookies

3 Outgoing links

Redirected requests

62 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.nelnetbank.slr.sparrowtest.com Open in urlscan Pro
18.164.124.62 Public Scan

Screenshot
Live screenshot

Full Image

62
Requests

95 %
HTTPS

39 %
IPv6

19
Domains

28
Subdomains

28
IPs

2
Countries

1837 kB
Transfer

6280 kB
Size

23
Cookies

62 HTTP transactions
5 data transactions